CVE-2019-13720
In short
A flaw in Google Chrome's audio processing allows attackers to corrupt computer memory through a specially crafted website, potentially leading to crashes or malicious code execution.
Technical detail
A use-after-free vulnerability in the WebAudio component lets a remote attacker craft malicious HTML that triggers heap corruption. Exploitation requires the user to visit a malicious webpage and interact with audio features. It impacts the confidentiality, integrity, and availability of the affected system.
Summary generated and translated by AI from the official description.
Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chrome
Public PoCs found — 3
github: github.com/cve-2019-13720/cve-2019-13720 (★ 3)
cve_reference: packetstormsecurity.com/files/167066/Google-Chrome-78.0.3904.70-Remote-Code-Execution.html (unverified)
exploitdb: www.exploit-db.com/exploits/50917 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00022.html
http://packetstormsecurity.com/files/167066/Google-Chrome-78.0.3904.70-Remote-Code-Execution.html
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html
https://crbug.com/1019226
https://security.gentoo.org/glsa/202004-04
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-13720