CVE-2019-5822

HIGH

Google Chrome <74.0.3729.108 - CSRF

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-5822. PoCs published by Silence-Rain.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2019-5822, which involves a bypass mechanism for download restrictions in a web application. The exploit uses an Express server to serve malicious HTML and PHP files that redirect users to arbitrary URLs, demonstrating the vulnerability.

Description

Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

Exploits (1)

nomisec WORKING POC 1 stars
by Silence-Rain · poc
https://github.com/Silence-Rain/14-828_Exploitation_of_CVE-2019-5822

This repository contains a proof-of-concept exploit for CVE-2019-5822, which involves a bypass mechanism for download restrictions in a web application. The exploit uses an Express server to serve malicious HTML and PHP files that redirect users to arbitrary URLs, demonstrating the vulnerability.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Unknown (likely a web application with download restrictions)
No auth needed
Prerequisites: Victim must visit the attacker-controlled server
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Issue Tracking x_refsource_misc
https://crbug.com/926105
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2019/dsa-4500
Mailing List mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Aug/19
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201908-18

Scores

CVSS v3 8.8
EPSS 0.0187
EPSS Percentile 76.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published
Products (8)
debian/debian_linux 10.0
fedoraproject/fedora 29
fedoraproject/fedora 30
google/chrome < 74.0.3729.108
opensuse/backports sle-15
opensuse/leap 15.0
opensuse/leap 15.1
opensuse/leap 42.3
Published Jun 27, 2019
Tracked Since Feb 18, 2026