← back
CVE-2019-5825

CVE-2019-5825

CVSS 6.5 MEDIUMEPSS 55.9%● KEVCWE-787
In short

A flaw in Chrome's JavaScript engine allowed attackers to write data outside intended memory boundaries, potentially corrupting the heap through a malicious webpage. This could crash the browser or enable arbitrary code execution.

Technical detail

Out-of-bounds write vulnerability in Chrome's JavaScript engine (CWE-787) exploitable via crafted HTML. Attack vector is network-based, requiring user interaction to visit a malicious page; successful exploitation leads to heap corruption with potential for code execution or denial of service.

Summary generated and translated by AI from the official description.
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected products
Google · Chrome
public PoCs found3
githubgithub.com/timwr/CVE-2019-58257cve_referencepacketstormsecurity.com/files/156641/Google-Chrome-72-73-Array.map-Corruption.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48183unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/156641/Google-Chrome-72-73-Array.map-Corruption.htmlhttps://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.htmlhttps://crbug.com/941743https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5825