Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-5797Double Free in Google Chrome

CWE-415Double Free9 documents7 sources
Severity
7.5HIGHNVD
EPSS
2.8%
top 13.89%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Google ChromeChromiumDebian Chromium
Timeline
PublishedSep 29
Latest updateSep 30

Description

Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages4 packages

CVEListV5google/chromeunspecified73.0.3683.75
NVDgoogle/chrome< 73.0.3683.75
debiandebian/chromium< chromium 73.0.3683.75-1 (bookworm)
Debianchromium/chromium< 73.0.3683.75-1+3

🔴Vulnerability Details

2
GHSA
GHSA-524r-c4hc-2m74: Double free in DOMStorage in Google Chrome prior to 732022-09-30
OSV
CVE-2019-5797: Double free in DOMStorage in Google Chrome prior to 732022-09-29

💥Exploits & PoCs

1
Exploit-DB
Google Chrome < M73 - Double-Destruction Race in StoragePartitionService2019-03-19

📋Vendor Advisories

2
Red Hat
chromium-browser: Race condition in DOMStorage2019-03-12
Debian
CVE-2019-5797: chromium - Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remot...2019

💬Community

3
Bugzilla
CVE-2019-5797 chromium-browser: Race condition in DOMStorage2019-03-13
Bugzilla
CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790 CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794 CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798 CVE-2019-5799 CVE-2019-5800 CVE-2019-03-13
Bugzilla
CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790 CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794 CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798 CVE-2019-5799 CVE-2019-5800 CVE-2019-03-13