what you don't know can hurt you
Showing 1 - 4 of 4 RSS Feed

CVE-2019-5786

Status Candidate

Overview

Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Related Files

Chrome 72.0.3626.119 FileReader Use-After-Free
Posted May 8, 2019
Authored by Clement LECIGNE, timwr, Istvan Kurucsai | Site metasploit.com

This exploit takes advantage of a use after free vulnerability in Google Chrome 72.0.3626.119 running on Windows 7 x86. The FileReader.readAsArrayBuffer function can return multiple references to the same ArrayBuffer object, which can be freed and overwritten with sprayed objects. The dangling ArrayBuffer reference can be used to access the sprayed objects, allowing arbitrary memory access from Javascript. This is used to write and execute shellcode in a WebAssembly object. The shellcode is executed within the Chrome sandbox, so you must explicitly disable the sandbox for the payload to be successful.

tags | exploit, arbitrary, x86, javascript, shellcode
systems | windows, 7
advisories | CVE-2019-5786
MD5 | 1845174659a656cb293c5dd2f17fe75c
Gentoo Linux Security Advisory 201903-23
Posted Mar 28, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201903-23 - Multiple vulnerabilities have been found in Chromium, the worst of which could result in the remote execution of code. Versions less than 73.0.3683.75 are affected.

tags | advisory, remote, vulnerability
systems | linux, gentoo
advisories | CVE-2018-17479, CVE-2019-5786, CVE-2019-5787, CVE-2019-5788, CVE-2019-5789, CVE-2019-5790, CVE-2019-5791, CVE-2019-5792, CVE-2019-5793, CVE-2019-5794, CVE-2019-5795, CVE-2019-5796, CVE-2019-5797, CVE-2019-5798, CVE-2019-5799, CVE-2019-5800, CVE-2019-5801, CVE-2019-5802, CVE-2019-5803, CVE-2019-5804
MD5 | 907460bdcf468c12ba4df32e8a1dfe34
Debian Security Advisory 4404-1
Posted Mar 11, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4404-1 - Clement Lecigne discovered a use-after-free issue in chromium's file reader implementation. A maliciously crafted file could be used to remotely execute arbitrary code because of this problem.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2019-5786
MD5 | f259f323229f50aeb91583a49ffac28b
Red Hat Security Advisory 2019-0481-01
Posted Mar 11, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0481-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 72.0.3626.121. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2019-5786
MD5 | 76a151840b23bbe457bb7058e4c960dd
Page 1 of 1
Back1Next

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    1 Files
  • 17
    Jan 17th
    2 Files
  • 18
    Jan 18th
    20 Files
  • 19
    Jan 19th
    32 Files
  • 20
    Jan 20th
    12 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close