CVE-2019-5789

HIGH

Chrome < 73.0.3683.75 - Use-After-Free via WebMIDI Integer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-5789. PoCs published by Google Security Research.

AI-analyzed exploit summary The writeup describes a use-after-free vulnerability in Chrome's MidiManagerWin due to an unchecked integer overflow in the instance_id mechanism. The issue is theoretically exploitable from JavaScript but more practical from a compromised renderer via Mojo calls.

Description

An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Google Security Research · textdosmultiple
https://www.exploit-db.com/exploits/46570

The writeup describes a use-after-free vulnerability in Chrome's MidiManagerWin due to an unchecked integer overflow in the instance_id mechanism. The issue is theoretically exploitable from JavaScript but more practical from a compromised renderer via Mojo calls.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Complex
Reliability
Theoretical
Target: Google Chrome (specific version not specified)
No auth needed
Prerequisites: Compromised renderer process or prolonged JavaScript execution
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Issue Tracking x_refsource_misc
https://crbug.com/921581

Scores

CVSS v3 8.8
EPSS 0.0729
EPSS Percentile 93.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-190 CWE-416
Status published
Products (5)
google/chrome < 73.0.3683.75
opensuse/backports sle-15
opensuse/leap 15.0
opensuse/leap 15.1
opensuse/leap 42.3
Published May 23, 2019
Tracked Since Feb 18, 2026