CVE-2019-5784

MEDIUM

Google Chrome < 72.0.3626.96 - Out-of-bounds Write in V8 via Crafted HTML Page

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-5784. PoCs published by rooootdev.

AI-analyzed exploit summary This PoC demonstrates a type confusion vulnerability in V8 (CVE-2019-5784) by manipulating object properties and triggering recursive function calls. It attempts to exploit memory corruption via JIT compilation and heap manipulation.

Description

Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Exploits (1)

nomisec WORKING POC

by rooootdev · poc

https://github.com/rooootdev/CVE-2019-5784-PoC

View Code ZIP pw:eip

This PoC demonstrates a type confusion vulnerability in V8 (CVE-2019-5784) by manipulating object properties and triggering recursive function calls. It attempts to exploit memory corruption via JIT compilation and heap manipulation.

Classification

Working Poc 80%

Attack Type

Rce

Complexity

Complex

Reliability

Racy

Target: Chromium V8 Engine (versions prior to fix)

No auth needed

Prerequisites: Target must be running a vulnerable version of Chromium/V8 · JavaScript execution context (e.g., browser or Node.js)

MITRE ATT&CK

T1189 - Drive-by Compromise T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Issue Tracking x_refsource_misc

https://crbug.com/915975

Release Notes, Vendor Advisory x_refsource_misc

https://chromereleases.googleblog.com/2019/02/stable-channel-update-for-desktop.html

Scores

CVSS v3 6.5

EPSS 0.0157

EPSS Percentile 72.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-787

Status published

Products (1)

google/chrome < 72.0.3626.96

Published Jun 27, 2019

Tracked Since Feb 18, 2026