CVE-2019-5825

MEDIUM KEV

Google Chrome < 73.0.3683.86 - Out-of-Bounds Write

Title source: rule

Description

Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotemultiple

https://www.exploit-db.com/exploits/48183

View Code ZIP pw:eip

nomisec WORKING POC 8 stars

by timwr · client-side

https://github.com/timwr/CVE-2019-5825

View Code ZIP pw:eip

metasploit WORKING POC MANUAL

by dmxcsnsbh, István Kurucsai, timwr · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/chrome_array_map.rb

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/156641/Google-Chrome-72-73-Array.map-Corruption.html

[Release Notes, Vendor Advisory] https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html

[Exploit, Patch, Third Party Advisory] https://crbug.com/941743

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5825

Scores

CVSS v3 6.5

EPSS 0.7366

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CISA KEV 2022-06-08

VulnCheck KEV 2019-09-24

InTheWild.io 2022-06-08

ENISA EUVD EUVD-2019-15396

CWE

CWE-787

Status published

Products (1)

google/chrome < 73.0.3683.86

Published Nov 25, 2019

KEV Added Jun 08, 2022

Tracked Since Feb 18, 2026