PT-2019-5058 · Google+6 · Google Chrome+6

Publicado

2019-11-25

·

Atualizado

2024-06-15

·

CVE-2019-13734

CVSS v2.0

9.3

Alta

VetorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 79.0.3945.79
Description The issue is related to an out of bounds write in SQLite, which can be exploited by a remote attacker via a crafted HTML page, potentially leading to heap corruption. This vulnerability allows an attacker to gain unauthorized access to sensitive information and disrupt its integrity and availability. The vulnerability is notable for allowing remote attacks on the Google Chrome browser, enabling an attacker to gain control over the user's system when opening malicious web pages.
Recommendations For Google Chrome versions prior to 79.0.3945.79, update to version 79.0.3945.79 or later to resolve the issue. As a temporary workaround, consider avoiding the use of WebSQL in Chrome until the update is applied. Restrict access to potentially malicious web pages to minimize the risk of exploitation.

Exploit

Correção

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787

Identificadores relacionados

ALT-PU-2019-3331
ALT-PU-2020-1050
ALT-PU-2020-1707
ALT-PU-2020-2441
BDU:2020-01700
CESA-2020_0227
CESA-2020_0273
CVE-2019-13734
DSA-4606-1
MGASA-2020-0070
MGASA-2020-0078
OPENSUSE-SU-2019:2692-1
OPENSUSE-SU-2019:2694-1
OPENSUSE-SU-2019_2692-1
OPENSUSE-SU-2024:10681-1
OPENSUSE-SU-2024:12948-1
RHSA-2019:4238
RHSA-2019_4238
RHSA-2020:0227
RHSA-2020:0229
RHSA-2020:0273
RHSA-2020:2014
RHSA-2020_0227
RHSA-2020_0273
USN-4298-1
USN-4298-2

Produtos afetados

Alt Linux
Centos
Google Chrome
Red Hat
Sqlite
Suse
Ubuntu