CVE-2019-13730

HIGH

Google Chrome <79.0.3945.79 - Heap Corruption

Title source: llm

Description

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

References (10)

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html

[Patch, Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:4238

[Release Notes, Vendor Advisory] https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html

[Permissions Required] https://crbug.com/1028862

[Mailing List, Third Party Advisory] https://seclists.org/bugtraq/2020/Jan/27

[Third Party Advisory] https://security.gentoo.org/glsa/202003-08

[Mailing List, Third Party Advisory] https://www.debian.org/security/2020/dsa-4606

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/

Scores

CVSS v3 8.8

EPSS 0.0191

EPSS Percentile 83.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-843 CWE-787

Status published

Affected Products (11)

google/chrome < 79.0.3945.79

debian/debian_linux

fedoraproject/fedora

novell/suse_package_hub_for_suse_linux_enterprise

opensuse/backports

redhat/enterprise_linux_desktop

redhat/enterprise_linux_for_scientific_computing

redhat/enterprise_linux_server

redhat/enterprise_linux_workstation

Timeline

Published Dec 10, 2019

Tracked Since Feb 18, 2026