CVE-2019-5796

HIGH

Google Chrome < 73.0.3683.75 - Data Race in Extensions Guest View

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-5796. PoCs published by Google Security Research.

AI-analyzed exploit summary The writeup describes a race condition in Chrome's ExtensionsGuestViewMessageFilter, where concurrent modification of ProcessIdToFilterMap can lead to unsafe access. The issue was detected via TSAN during fuzzing and can be reproduced by spawning multiple renderers.

Description

Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Google Security Research · textdosmultiple
https://www.exploit-db.com/exploits/46566

The writeup describes a race condition in Chrome's ExtensionsGuestViewMessageFilter, where concurrent modification of ProcessIdToFilterMap can lead to unsafe access. The issue was detected via TSAN during fuzzing and can be reproduced by spawning multiple renderers.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Racy
Target: Google Chrome (versions prior to fix for CVE-2019-5796)
No auth needed
Prerequisites: TSAN build of Chrome · Local server with domains test0.com - test63.com resolving to it
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Issue Tracking x_refsource_misc
https://crbug.com/918861

Scores

CVSS v3 7.5
EPSS 0.0467
EPSS Percentile 90.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-362 CWE-787
Status published
Products (5)
google/chrome < 73.0.3683.75
opensuse/backports_sle 15.0
opensuse/leap 15.0
opensuse/leap 15.1
opensuse/leap 42.3
Published May 23, 2019
Tracked Since Feb 18, 2026