PT-2019-5058 · Google+6 · Google Chrome+6

Published

2019-11-25

·

Updated

2024-06-15

·

CVE-2019-13734

CVSS v2.0

9.3

High

VectorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 79.0.3945.79
Description The issue is related to an out of bounds write in SQLite, which can be exploited by a remote attacker via a crafted HTML page, potentially leading to heap corruption. This vulnerability allows an attacker to gain unauthorized access to sensitive information and disrupt its integrity and availability. The vulnerability is notable for allowing remote attacks on the Google Chrome browser, enabling an attacker to gain control over the user's system when opening malicious web pages.
Recommendations For Google Chrome versions prior to 79.0.3945.79, update to version 79.0.3945.79 or later to resolve the issue. As a temporary workaround, consider avoiding the use of WebSQL in Chrome until the update is applied. Restrict access to potentially malicious web pages to minimize the risk of exploitation.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2019-3331
ALT-PU-2020-1050
ALT-PU-2020-1707
ALT-PU-2020-2441
BDU:2020-01700
CESA-2020_0227
CESA-2020_0273
CVE-2019-13734
DSA-4606-1
MGASA-2020-0070
MGASA-2020-0078
OPENSUSE-SU-2019:2692-1
OPENSUSE-SU-2019:2694-1
OPENSUSE-SU-2019_2692-1
OPENSUSE-SU-2024:10681-1
OPENSUSE-SU-2024:12948-1
RHSA-2019:4238
RHSA-2019_4238
RHSA-2020:0227
RHSA-2020:0229
RHSA-2020:0273
RHSA-2020:2014
RHSA-2020_0227
RHSA-2020_0273
USN-4298-1
USN-4298-2

Affected Products

Alt Linux
Centos
Google Chrome
Red Hat
Sqlite
Suse
Ubuntu