CVE-2019-5789
Published: 2019-05-23
Priority: P2 · 60 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 7.29% (93.6th percentile)
An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 73.0.3683.75-1 | 73.0.3683.75-1 |
| chromium | chromium | >= 0 < 73.0.3683.75-1 | 73.0.3683.75-1 |
| chromium | chromium | >= 0 < 73.0.3683.75-1 | 73.0.3683.75-1 |
| chromium | chromium | >= 0 < 73.0.3683.75-1 | 73.0.3683.75-1 |
| debian | chromium | < chromium 73.0.3683.75-1 (bookworm) | chromium 73.0.3683.75-1 (bookworm) |
| | chrome | < 73.0.3683.75 | 73.0.3683.75 |
| | chrome | — | — |
| opensuse | backports | — | — |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
Detection & IOCs (extracted from sources)
- Monitor for abuse of MojoJS JavaScript bindings from renderer processes making direct Mojo calls to the MidiManagerWin component, which is the attack vector used to trigger the integer overflow use-after-free without requiring the standard WebMIDI API teardown path.
- Look for renderer processes on Windows repeatedly creating/destroying MIDI sessions at high frequency (thousands of iterations) to overflow the `static int id` in IssueNextInstanceId within MidiManagerWin — this is the mechanism that enables the use-after-free.
- The vulnerability is Windows-specific (MidiManagerWin); triage alerts only for Chrome renderer processes running on Windows platforms, as Linux/macOS use MidiManagerAlsa which includes an overflow check.
- Exploitation requires a pre-compromised renderer process; this is not a direct one-click RCE from a cold start — a renderer compromise must already exist before this UAF can be leveraged.
- Exploitation timing is highly sensitive to system state; the PoC notes shorter runtime immediately after boot and requires clock synchronisation with the system clock, meaning detection windows may vary significantly across environments.
- The PoC uses a patched `static short` instead of `static int` for IssueNextInstanceId to reduce test time; in-the-wild exploitation against unpatched Chrome would require the full integer overflow cycle (~4 days from a compromised renderer).
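
The counter wrap described in the list above, as an added example that is not Chromium source or code from any of the cited advisories: a simplified id allocator modelled on the `static int id` in IssueNextInstanceId, beside a variant with an overflow check of the kind the page attributes to MidiManagerAlsa. The `Allocator` type, the 16-bit unsigned id width (chosen so the wrap is reached quickly and is well-defined) and the stale-id comparison are assumptions of this model.

```cpp
// Simplified model of an instance-id allocator; not Chromium source.
#include <cstdint>
#include <cstdio>
#include <limits>
#include <optional>

// Assumption: a 16-bit unsigned id stands in for `static int id`, so the wrap
// is reached in 65536 steps and is well-defined arithmetic.
using InstanceId = uint16_t;
constexpr InstanceId kMaxId = std::numeric_limits<InstanceId>::max();

struct Allocator {
  bool checked = false;    // true: refuse to issue once the id space is used up
  InstanceId next = 0;
  bool exhausted = false;  // set after kMaxId has been handed out

  std::optional<InstanceId> Issue() {
    if (checked && exhausted) return std::nullopt;  // overflow check
    InstanceId issued = next;
    exhausted = (next == kMaxId);
    next = static_cast<InstanceId>(next + 1);  // wraps to 0 after kMaxId
    return issued;
  }
};

// Models one long-lived stale reference to the first session's id while
// `churn` further sessions are created and destroyed. Returns true when a
// later session is issued the same id, i.e. an id comparison can no longer
// tell the destroyed session from the live one.
bool StaleIdMatchesLiveSession(bool checked, uint32_t churn) {
  Allocator alloc;
  alloc.checked = checked;
  const InstanceId stale = *alloc.Issue();
  for (uint32_t i = 0; i < churn; ++i) {
    std::optional<InstanceId> live = alloc.Issue();
    if (!live) return false;  // checked allocator stopped before any reuse
    if (*live == stale) return true;
  }
  return false;
}

int main() {
  std::printf("unchecked, 65535 cycles: %d\n", StaleIdMatchesLiveSession(false, 65535));
  std::printf("unchecked, 65536 cycles: %d\n", StaleIdMatchesLiveSession(false, 65536));
  std::printf("checked,  100000 cycles: %d\n", StaleIdMatchesLiveSession(true, 100000));
  return 0;
}
```

With a 32-bit counter the same collision needs the full cycle the page estimates at about 4 days, which is why sustained high-frequency session churn from one renderer is the signal the bullets above point to.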
CVSS provenance
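| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| osv | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | HIGH | |
| vendor_redhat | | 8.8 | HIGH | |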
Red Hat
chromium-browser: Use after free in WebMIDI
vendor_redhat·2019-03-12·CVSS 8.8
An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
Debian
CVE-2019-5789: chromium - An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome o...
vendor_debian·2019·CVSS 8.8
An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 73.0.3683.75-1)
bullseye: resolved (fixed in 73.0.3683.75-1)
forky: resolved (fixed in 73.0.3683.75-1)
sid: resolved (fixed in 73.0.3683.75-1)
trixie: resolved (fixed in 73.0.3683.75-1)
GHSA
GHSA-v5pq-9p96-j22q: An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73
ghsa_unreviewed·2022-05-24
CVE-2019-5789 [HIGH] CWE-190
An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
OSV
CVE-2019-5789: An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73
osv·2019-05-23·CVSS 8.8
An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
No detection rules found.
Bugzilla
CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790 CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794 CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798 CVE-2019-5799 CVE-2019-5800 CVE-
bugzilla·2019-03-13·CVSS 8.8
CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790 CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794 CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798 CVE-2019-5799 CVE-2019-5800 CVE-2019-5801 ... chromium: various flaws [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-l
Bugzilla
CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790 CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794 CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798 CVE-2019-5799 CVE-2019-5800 CVE-
bugzilla·2019-03-13·CVSS 8.8
CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790 CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794 CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798 CVE-2019-5799 CVE-2019-5800 CVE-2019-5801 ... chromium: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the releva
Bugzilla
CVE-2019-5789 chromium-browser: Use after free in WebMIDI
bugzilla·2019-03-13·CVSS 8.8
A use-after-free flaw was found in the WebMIDI component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=921581
External References:
https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-7 [bug 1688209]
Affects: fedora-all [bug 1688208]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2019:0708 https://access.redhat.com/errata/RHSA-2019:0708
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html
https://crbug.com/921581
Published: 2019-05-23