PT-2018-2575 · Google+3 · Google Chrome+3

Published

2018-11-12

Updated

2024-06-15

CVE-2019-5771

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 72.0.3626.81

Description The issue is related to an incorrect Just-In-Time (JIT) compilation of GLSL shaders in the SwiftShader component of Google Chrome, which could allow a remote attacker to execute arbitrary code via a crafted HTML page. This is also described as a buffer overflow vulnerability in the SwiftShader component, potentially allowing a remote attacker to gain unauthorized access to data.

Recommendations For versions prior to 72.0.3626.81, update to version 72.0.3626.81 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable HTML pages until the update is applied.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2019-1257

BDU:2019-01050

CVE-2019-5771

OPENSUSE-SU-2019:0204-1

OPENSUSE-SU-2019:0206-1

OPENSUSE-SU-2019:0216-1

OPENSUSE-SU-2019_0204-1

OPENSUSE-SU-2019_0205-1

OPENSUSE-SU-2024:10681-1

OPENSUSE-SU-2024:12948-1

RHSA-2019:0309

RHSA-2019_0309

Affected Products

Alt Linux

Google Chrome

Red Hat

Suse

PT-2018-2575 · Google+3 · Google Chrome+3

CVE-2019-5771

Weakness Enumeration

Related Identifiers

Affected Products

References · 2328