{"containers": {"cna": {"affected": [{"product": "Chrome", "vendor": "Google", "versions": [{"status": "affected", "version": "prior to 73.0.3683.75"}]}], "descriptions": [{"lang": "en", "value": "An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page."}], "problemTypes": [{"descriptions": [{"description": "Integer overflow", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-28T17:06:08", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"}, {"tags": ["x_refsource_MISC"], "url": "https://crbug.com/921581"}, {"name": "openSUSE-SU-2019:1666", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2019-5789", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Chrome", "version": {"version_data": [{"version_value": "prior to 73.0.3683.75"}]}}]}, "vendor_name": "Google"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Integer overflow"}]}]}, "references": {"reference_data": [{"name": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html", "refsource": "MISC", "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"}, {"name": "https://crbug.com/921581", "refsource": "MISC", "url": "https://crbug.com/921581"}, {"name": "openSUSE-SU-2019:1666", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:01:52.387Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://crbug.com/921581"}, {"name": "openSUSE-SU-2019:1666", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2019-5789", "datePublished": "2019-05-23T19:12:11", "dateReserved": "2019-01-09T00:00:00", "dateUpdated": "2024-08-04T20:01:52.387Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA174888-9FEB-4029-8E0D-D6CFCF1A74F6", "versionEndExcluding": "73.0.3683.75", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*", "matchCriteriaId": "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page."}, {"lang": "es", "value": "Un desbordamiento de enteros que provoca un uso de memoria previamente liberada (use-after-free) en WebMIDI en Google Chrome en Windows antes de la versi\u00f3n 73.0.3683.75, permiti\u00f3 que un atacante remoto que hab\u00eda comprometido el proceso del renderizador ejecutara c\u00f3digo arbitrario por medio de una p\u00e1gina HTML creada."}], "id": "CVE-2019-5789", "lastModified": "2024-11-21T04:45:29.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-23T20:29:00.670", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://crbug.com/921581"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://crbug.com/921581"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}, {"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2019:0708", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "chromium-browser-0:73.0.3683.75-1.el6_10", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2019-04-08T00:00:00Z"}], "bugzilla": {"description": "chromium-browser: Use after free in WebMIDI", "id": "1688191", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1688191"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "details": ["An integer overflow that leads to a use-after-free in WebMIDI in Google Chrome on Windows prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page."], "name": "CVE-2019-5789", "public_date": "2019-03-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-5789\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5789\nhttps://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"], "threat_severity": "Important"}