CVE-2019-13694

HIGH

Google Chrome <77.0.3865.120 - Use After Free

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-13694. PoCs published by nemux.

AI-analyzed exploit summary This repository contains a functional PoC for CVE-2019-13694, a controlled dereference crash in Chrome's WebRTC implementation. The exploit leverages heap spraying to achieve RCE on Android devices, with a reliability of over 80% on tested Samsung models.

Description

Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Exploits (1)

gitlab WORKING POC

by nemux · poc

https://gitlab.com/nemux/cve-2019-13694

View Code ZIP pw:eip

This repository contains a functional PoC for CVE-2019-13694, a controlled dereference crash in Chrome's WebRTC implementation. The exploit leverages heap spraying to achieve RCE on Android devices, with a reliability of over 80% on tested Samsung models.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Google Chrome 75.0.3770.143 (Android)

No auth needed

Prerequisites: WebRTC-enabled Chrome on Android · Heap spraying technique

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (2)

Core 2

Core References

Release Notes, Vendor Advisory x_refsource_misc

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html

Issue Tracking x_refsource_misc

https://crbug.com/1005251

Scores

CVSS v3 8.8

EPSS 0.0091

EPSS Percentile 55.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (1)

google/chrome < 77.0.3865.120

Published Nov 25, 2019

Tracked Since Feb 18, 2026