CVE-2019-5797
published 2022-09-29CVE-2019-5797: Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
PriorityP351high7.5CVSS 3.1
AVNACHPRNUIRSUCHIHAH
EXPLOIT
EPSS
2.65%
83.8th percentile
Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 73.0.3683.75-1 | 73.0.3683.75-1 |
| chromium | chromium | >= 0 < 73.0.3683.75-1 | 73.0.3683.75-1 |
| chromium | chromium | >= 0 < 73.0.3683.75-1 | 73.0.3683.75-1 |
| chromium | chromium | >= 0 < 73.0.3683.75-1 | 73.0.3683.75-1 |
| debian | chromium | < chromium 73.0.3683.75-1 (bookworm) | chromium 73.0.3683.75-1 (bookworm) |
| chrome | < 73.0.3683.75 | 73.0.3683.75 | |
| chrome | >= unspecified < 73.0.3683.75 | 73.0.3683.75 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.5HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
chromium-browser: Race condition in DOMStorage
vendor_redhat·2019-03-12·CVSS 7.5
CVE-2019-5797 [HIGH] chromium-browser: Race condition in DOMStorage
chromium-browser: Race condition in DOMStorage
Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Debian
CVE-2019-5797: chromium - Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remot...
vendor_debian·2019·CVSS 7.5
CVE-2019-5797 [HIGH] CVE-2019-5797: chromium - Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remot...
Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 73.0.3683.75-1)
bullseye: resolved (fixed in 73.0.3683.75-1)
forky: resolved (fixed in 73.0.3683.75-1)
sid: resolved (fixed in 73.0.3683.75-1)
trixie: resolved (fixed in 73.0.3683.75-1)
GHSA
GHSA-524r-c4hc-2m74: Double free in DOMStorage in Google Chrome prior to 73
ghsa_unreviewed·2022-09-30
CVE-2019-5797 [HIGH] CWE-415 GHSA-524r-c4hc-2m74: Double free in DOMStorage in Google Chrome prior to 73
Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
OSV
CVE-2019-5797: Double free in DOMStorage in Google Chrome prior to 73
osv·2022-09-29·CVSS 7.5
CVE-2019-5797 [HIGH] CVE-2019-5797: Double free in DOMStorage in Google Chrome prior to 73
Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
No detection rules found.
Bugzilla
CVE-2019-5797 chromium-browser: Race condition in DOMStorage
bugzilla·2019-03-13·CVSS 7.5
CVE-2019-5797 [HIGH] CVE-2019-5797 chromium-browser: Race condition in DOMStorage
CVE-2019-5797 chromium-browser: Race condition in DOMStorage
A race condition flaw was found in the DOMStorage component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=916523
External References:
https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-7 [bug 1688209]
Affects: fedora-all [bug 1688208]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2019:0708 https://access.redhat.com/errata/RHSA-2019:0708
Bugzilla
CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790 CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794 CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798 CVE-2019-5799 CVE-2019-5800 CVE-
bugzilla·2019-03-13·CVSS 8.8
CVE-2019-5787 [HIGH] CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790 CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794 CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798 CVE-2019-5799 CVE-2019-5800 CVE-
CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790 CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794 CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798 CVE-2019-5799 CVE-2019-5800 CVE-2019-5801 ... chromium: various flaws [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-l
Bugzilla
CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790 CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794 CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798 CVE-2019-5799 CVE-2019-5800 CVE-
bugzilla·2019-03-13·CVSS 8.8
CVE-2019-5787 [HIGH] CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790 CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794 CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798 CVE-2019-5799 CVE-2019-5800 CVE-
CVE-2019-5787 CVE-2019-5788 CVE-2019-5789 CVE-2019-5790 CVE-2019-5791 CVE-2019-5792 CVE-2019-5793 CVE-2019-5794 CVE-2019-5795 CVE-2019-5796 CVE-2019-5797 CVE-2019-5798 CVE-2019-5799 CVE-2019-5800 CVE-2019-5801 ... chromium: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the releva
2022-09-29
Published