CVE-2019-5816 — Improper Control of a Resource Through its Lifetime in Google Chrome

CWE-664 — Improper Control of a Resource Through its Lifetime7 documents7 sources

Severity

8.8HIGHNVD

EPSS

0.6%

top 30.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Fedoraproject Fedora Opensuse Backports +1 more

Timeline

PublishedJun 27

Latest updateMay 24

Description

Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5google/chromeunspecified — 74.0.3729.108

▶NVDgoogle/chrome< 74.0.3729.108

▶NVDopensuse/leap15.0, 15.1, 42.3+2

▶NVDopensuse/backportssle-15

Also affects: Fedora 29

🔴Vulnerability Details

GHSA

GHSA-43g9-qgw6-3pfp: Process lifetime issue in Chrome in Google Chrome on Android prior to 74↗2022-05-24

▶

OSV

CVE-2019-5816: Process lifetime issue in Chrome in Google Chrome on Android prior to 74↗2019-06-27

▶

CVEList

CVE-2019-5816: Process lifetime issue in Chrome in Google Chrome on Android prior to 74↗2019-06-27

▶

📋Vendor Advisories

Red Hat

chromium-browser: Exploit persistence extension on Android↗2019-04-23

▶

Debian

CVE-2019-5816: chromium - Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729....↗2019

▶

💬Community

Bugzilla

CVE-2019-5816 chromium-browser: Exploit persistence extension on Android↗2019-04-25

▶