CVE-2019-5786
Published 2019-06-27
Priority P1 81 · medium · 6.5 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Badges: KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability (remediation due 2022-06-13)
Exploited in the wild
EPSS: 61.54% (99.1th percentile)
Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 72.0.3626.121-1 | 72.0.3626.121-1 |
| chromium | chromium | >= 0 < 72.0.3626.121-1 | 72.0.3626.121-1 |
| chromium | chromium | >= 0 < 72.0.3626.121-1 | 72.0.3626.121-1 |
| chromium | chromium | >= 0 < 72.0.3626.121-1 | 72.0.3626.121-1 |
| debian | chromium | < chromium 72.0.3626.121-1 (bookworm) | chromium 72.0.3626.121-1 (bookworm) |
| | chrome | < 72.0.3626.121 | 72.0.3626.121 |
| | chrome | >= unspecified < 72.0.3626.121 | 72.0.3626.121 |
Detection & IOCs (extracted from sources)
bytes: 0x0, 0x61, 0x73, 0x6d, 0x1, 0x0, 0x0, 0x0 (the 8-byte WebAssembly binary header: the magic `\0asm` followed by version 1 as a little-endian uint32, which identifies a module compiled from raw bytes rather than loaded from a .wasm file)
- CVE-2019-5786 is exploited via a crafted HTML page delivered through the browser; the Metasploit module serves /exploit.html and /worker.js from a malicious HTTP server. Monitor for browser requests to these paths on non-standard web servers.
- The exploit uses FileReader.readAsArrayBuffer to trigger a use-after-free on a 128 MB string blob ('Z' * 128MB); large ArrayBuffer allocations combined with repeated FileReader calls in a short window are a behavioural indicator.
- The exploit spawns a Web Worker (worker.js) alongside the main exploit page; a parent iframe loading exploit.html combined with a worker.js request from the same origin is a strong exploit-chain indicator.
- Shellcode is written into a WebAssembly RWX page; detect creation of WebAssembly.Module/Instance objects immediately followed by arbitrary memory writes in Chrome renderer processes on Windows 7 x86.
- The Metasploit module defaults to the windows/meterpreter/reverse_tcp payload; post-exploitation network connections from chrome.exe (or its child processes) to external IPs on arbitrary high ports should be treated as suspicious.
- The exploit requires the Chrome sandbox to be disabled (--no-sandbox) for the payload to execute; monitor Chrome process launch arguments for --no-sandbox on end-user machines.
- The exploit uses two heap-spray marker constants (0x36313233 and 0x37414546) to locate controlled memory; these 4-byte little-endian values appearing in Chrome heap dumps or memory forensics are a strong indicator of this exploit.
- Caveat: the Metasploit exploit module targets only Chrome 72.0.3626.119 on Windows 7 x86; the vulnerability (CVE-2019-5786) affects all Chrome versions prior to 72.0.3626.121, but this specific exploit code will not work against other OS/arch combinations without modification.
- Caveat: the sandbox must be explicitly disabled for the payload to execute; in-the-wild exploitation likely paired this with a separate sandbox-escape or privilege-escalation (CVE-2019-0808) rather than relying on --no-sandbox.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| ghsa | | 6.5 | MEDIUM | |
| osv | | 6.5 | MEDIUM | |
| vulncheck | | 6.5 | MEDIUM | |
| cisa | | 6.5 | MEDIUM | |
| vendor_debian | | 6.5 | MEDIUM | |
| vendor_redhat | | 6.5 | MEDIUM | |
OSV
Use-After-Free in puppeteer
osv · 2020-09-02 · CVSS 6.5 · CVE-2019-5786 [MEDIUM]
Versions of `puppeteer` prior to 1.13.0 are vulnerable to the Use-After-Free vulnerability in Chromium (CVE-2019-5786). The Chromium FileReader API is vulnerable to Use-After-Free which may lead to Remote Code Execution.
## Recommendation
Upgrade to version 1.13.0 or later.
GHSA
Use-After-Free in puppeteer
ghsa · 2020-09-02 · CVSS 6.5 · CVE-2019-5786 [MEDIUM] · CWE-416
Versions of `puppeteer` prior to 1.13.0 are vulnerable to the Use-After-Free vulnerability in Chromium (CVE-2019-5786). The Chromium FileReader API is vulnerable to Use-After-Free which may lead to Remote Code Execution.
## Recommendation
Upgrade to version 1.13.0 or later.
Project Zero
Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019 - Project Zero
project_zero · 2020-07-01 · tagged CVE-2016-5195
Posted by Maddie Stone, Project Zero
In May 2019, Project Zero released our tracking spreadsheet for 0-days used “in the wild” and we started a more focused effort on analyzing and learning from these exploits. This is another way Project Zero is trying to make zero-day hard. This blog post synthesizes many of our efforts and what we’ve seen over the last year. We provide a review of what we can learn from 0-day exploits detected as used in the wild in 2019. In conjunction with this blog post, we are also publishing another blog post today about our root cause analysis work that informed the conclusions in this Year in Review. We are also releasing 8 root cause analyses that we have done for in-the-wild 0-days from 2019.
When I had the idea for this “Year in Review” blog post, I immedi
OSV
CVE-2019-5786: Object lifetime issue in Blink in Google Chrome prior to 72
osv · 2019-06-27 · CVSS 6.5 · CVE-2019-5786 [MEDIUM]
Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
VulnCheck
Google Chrome Blink Use-After-Free Vulnerability
vulncheck · 2019 · CVSS 6.5 · CVE-2019-5786 [MEDIUM] · CWE-416
Google Chrome Blink contains a heap use-after-free vulnerability that allows an attacker to potentially perform out of bounds memory access via a crafted HTML page.
Affected: Google Chrome Blink
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Exploit PoC: https://vulncheck.com/xdb/b7d5385c6094; https://vulncheck.com/xdb/87f2d6f034f9; https://vulncheck.com/xdb/5d48649bb47a
Remediation Due: 2022-06-13
CISA
Google Chrome Blink Use-After-Free Vulnerability
cisa · 2022-05-23 · CVSS 6.5 · CVE-2019-5786 [MEDIUM] · CWE-416
Affected: Google Chrome Blink
Google Chrome Blink contains a heap use-after-free vulnerability that allows an attacker to potentially perform out of bounds memory access via a crafted HTML page.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-5786
Remediation Due Date: 2022-06-13
Red Hat
chromium-browser: Use-after-free in FileReader
vendor_redhat · 2019-03-01 · CVSS 6.5 · CVE-2019-5786 [MEDIUM]
Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Debian
CVE-2019-5786: chromium - Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a...
vendor_debian · 2019 · CVSS 6.5 · CVE-2019-5786 [MEDIUM]
Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Scope: local
- bookworm: resolved (fixed in 72.0.3626.121-1)
- bullseye: resolved (fixed in 72.0.3626.121-1)
- forky: resolved (fixed in 72.0.3626.121-1)
- sid: resolved (fixed in 72.0.3626.121-1)
- trixie: resolved (fixed in 72.0.3626.121-1)
No detection rules found.
Exploit-DB
Google Chrome 72.0.3626.119 - 'FileReader' Use-After-Free (Metasploit)
exploitdb · 2019-05-08 · CVSS 6.5 · CVE-2019-5786 [MEDIUM]
---
```ruby
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# NOTE: the excerpt below is truncated as extracted; the class header and
# the 'Name' key preceding the module name were lost, and the description
# breaks off mid-word.
class MetasploitModule 'Chrome 72.0.3626.119 FileReader UaF exploit for Windows 7 x86',
  'Description' => %q{
    This exploit takes advantage of a use after free vulnerability in Google
    Chrome 72.0.3626.119 running on Windows 7 x86.
    The FileReader.readAsArrayBuffer function can return multiple references to the
    same ArrayBuffer object, which can be freed and overwritten with sprayed objects.
    The dangling ArrayBuffer reference can be used to access the sprayed objects,
    allowing arbitrary memory access from Javascript. This is used to write and
    execute shellcode in a WebAssembly obje
```
Metasploit
Chrome 72.0.3626.119 FileReader UaF exploit for Windows 7 x86
metasploit
This exploit takes advantage of a use after free vulnerability in Google Chrome 72.0.3626.119 running on Windows 7 x86. The FileReader.readAsArrayBuffer function can return multiple references to the same ArrayBuffer object, which can be freed and overwritten with sprayed objects. The dangling ArrayBuffer reference can be used to access the sprayed objects, allowing arbitrary memory access from Javascript. This is used to write and execute shellcode in a WebAssembly object. The shellcode is executed within the Chrome sandbox, so you must explicitly disable the sandbox for the payload to be successful.
arXiv
Robust Machine Learning for Encrypted Traffic Classification
arxiv_fulltext · 2020-07-20
Authors: Amit Dvir (1,3), Yehonatan Zion (1,3), Jonathan Muehlstein (1,3), Ofir Pele (2,3), Chen Hajaj (3,4), Ran Dubin (3)
1. Department of Computer Science, Ariel University, Israel
2. Department of Electrical and Electronics Engineering, Ariel University, Israel
3. Ariel Cyber Innovation Center, Ariel University, Israel
4. Department of Industrial Engineering & Management, Ariel University, Israel
## Abstract
Desktops and laptops can be maliciously exploited to violate privacy. In this paper, we consider the daily battle between the passive attacker who is targeting a specific user against a user that may be adversarial opponent. In this scenario, while the attacker tries to choose the best vector attack by surreptitiously monitoring the victim's encrypted
Bugzilla
CVE-2019-5786 chromium: chromium-browser: Use-after-free in FileReader [fedora-all]
bugzilla · 2019-03-04 · CVSS 6.5 · CVE-2019-5786 [MEDIUM]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported ve
Bugzilla
CVE-2019-5786 chromium-browser: Use-after-free in FileReader
bugzilla · 2019-03-04 · CVSS 6.5 · CVE-2019-5786 [MEDIUM]
A use-after-free flaw was found in the FileReader component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=936448
External References:
https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-7 [bug 1685165]
Affects: fedora-all [bug 1685164]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2019:0481 https://access.redhat.com/errata/RHSA-2019:0481
Bugzilla
CVE-2019-5786 chromium: chromium-browser: Use-after-free in FileReader [epel-7]
bugzilla · 2019-03-04 · CVSS 6.5 · CVE-2019-5786 [MEDIUM]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use the following template to for the 'fe
Tenable
CVE-2020-6418: Google Chrome Type Confusion Vulnerability Exploited in the Wild
blogs_tenable · 2020-02-24 · CVSS 8.8 · [HIGH]
Tenable
CVE-2020-0674: Internet Explorer Remote Code Execution Vulnerability Exploited in the Wild
blogs_tenable · 2020-01-20 · CVSS 7.5 · [HIGH]
Tenable
CVE-2019-1367: Critical Internet Explorer Memory Corruption Vulnerability Exploited In The Wild
blogs_tenable · 2019-09-23 · CVSS 7.5 · [HIGH]
Securelist
IT threat evolution Q1 2019. Statistics
blogs_securelist · 2019-05-23
Table of Contents
- Quarterly figures
- Mobile threats
- Attacks on Apple macOS
- IoT attacks
- Financial threats
- Ransomware programs
- Miners
- Vulnerable applications used by cybercriminals
- Attacks via web resources
- Local threats
Authors
- Victor Chebyshev
- Fedor Sinitsyn
- Denis Parinov
- Boris Larin
- Oleg Kupreev
- Evgeny Lopatin
These statistics are based on detection verdicts of Kaspersky Lab products received from users who consented to provide statistical data.
## Quarterly figures
According to Kaspersky Security Network,
- Kaspersky Lab solutions blocked 843,096,461 attacks launched from online resources in 203 countries across the globe.
- 113,640,221 unique URLs were recognized as malicious by Web Anti-Virus components.
- Attempted infections by malware designed t
Krebs
Patch Tuesday, March 2019 Edition
blogs_krebs · 2019-03-13 · CVSS 7.8 · CVE-2019-0808 [HIGH]
Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer, Edge, Office and Sharepoint. If you (ab)use Microsoft products, it’s time once again to start thinking about getting your patches on. Malware or bad guys can remotely exploit roughly one-quarter of the flaws fixed in today’s patch batch without any help from users.
Microsoft also addressed a zero day flaw (CVE-2019-0808) in Windows 7 and Windows Server 2008 that’s been abused in conjunction with a previously unknown weakness (CVE-2019-5786) in Google’s Chrome browser. A security alert from Google last week said attackers were chaining the Windows and Chrome vulnerabilities to drop malicious code onto vulnerable systems.
If you use Chro
Krebs
Patch Tuesday, March 2019 Edition
blogs_krebs · 2019-03-13 · CVSS 7.8 · [HIGH]
Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer, Edge, Office and Sharepoint. If you (ab)use Microsoft products, it’s time once again to start thinking about getting your patches on. Malware or bad guys can remotely exploit roughly one-quarter of the flaws fixed in today’s patch batch without any help from users.
One interesting patch from Microsoft this week comes in response to a zero-day vulnerability (CVE-2019-0797) reported by researchers at Kaspersky Lab, who discovered the bug could be (and is being) exploited to install malicious software.
Microsoft also addressed a zero day flaw ( CVE-2019-0808 ) in Windows 7 and Windows Server 2008 that’s been abused in conjunction wit
Tenable
Use-After-Free Vulnerability in Google Chrome Exploited In The Wild (CVE-2019-5786)
blogs_tenable · 2019-03-06 · CVSS 6.5 · [MEDIUM]
References
- https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html
- https://crbug.com/936448
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5786
Timeline
- 2019-06-27: Published
- 2022-05-23: Added to CISA KEV
- Exploited in the wild