Vulnerabilities > CVE-2019-13767 - Use After Free vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-202003-08.NASL description The remote host is affected by the vulnerability described in GLSA-202003-08 (Chromium, Google Chrome: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers and Google Chrome Releases for details. Impact : A remote attacker could execute arbitrary code, escalate privileges, obtain sensitive information, spoof an URL or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-03-19 modified 2020-03-13 plugin id 134475 published 2020-03-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134475 title GLSA-202003-08 : Chromium, Google Chrome: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 202003-08. # # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(134475); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/18"); script_cve_id("CVE-2019-13723", "CVE-2019-13724", "CVE-2019-13725", "CVE-2019-13726", "CVE-2019-13727", "CVE-2019-13728", "CVE-2019-13729", "CVE-2019-13730", "CVE-2019-13732", "CVE-2019-13734", "CVE-2019-13735", "CVE-2019-13736", "CVE-2019-13737", "CVE-2019-13738", "CVE-2019-13739", "CVE-2019-13740", "CVE-2019-13741", "CVE-2019-13742", "CVE-2019-13743", "CVE-2019-13744", "CVE-2019-13745", "CVE-2019-13746", "CVE-2019-13747", "CVE-2019-13748", "CVE-2019-13749", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-13752", "CVE-2019-13753", "CVE-2019-13754", "CVE-2019-13755", "CVE-2019-13756", "CVE-2019-13757", "CVE-2019-13758", "CVE-2019-13759", "CVE-2019-13761", "CVE-2019-13762", "CVE-2019-13763", "CVE-2019-13764", "CVE-2019-13767", "CVE-2020-6377", "CVE-2020-6378", "CVE-2020-6379", "CVE-2020-6380", "CVE-2020-6381", "CVE-2020-6382", "CVE-2020-6385", "CVE-2020-6387", "CVE-2020-6388", "CVE-2020-6389", "CVE-2020-6390", "CVE-2020-6391", "CVE-2020-6392", "CVE-2020-6393", "CVE-2020-6394", "CVE-2020-6395", "CVE-2020-6396", "CVE-2020-6397", "CVE-2020-6398", "CVE-2020-6399", "CVE-2020-6400", "CVE-2020-6401", "CVE-2020-6402", "CVE-2020-6403", "CVE-2020-6404", "CVE-2020-6406", "CVE-2020-6407", "CVE-2020-6408", "CVE-2020-6409", "CVE-2020-6410", "CVE-2020-6411", "CVE-2020-6412", "CVE-2020-6413", "CVE-2020-6414", "CVE-2020-6415", "CVE-2020-6416", "CVE-2020-6418", "CVE-2020-6420"); script_xref(name:"GLSA", value:"202003-08"); script_name(english:"GLSA-202003-08 : Chromium, Google Chrome: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-202003-08 (Chromium, Google Chrome: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium and Google Chrome. Please review the referenced CVE identifiers and Google Chrome Releases for details. Impact : A remote attacker could execute arbitrary code, escalate privileges, obtain sensitive information, spoof an URL or cause a Denial of Service condition. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/202003-08" ); script_set_attribute( attribute:"solution", value: "All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/chromium-80.0.3987.132' All Google Chrome users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/google-chrome-80.0.3987.132'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Google Chrome 80 JSCreate side-effect type confusion exploit'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:chromium"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:google-chrome"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/25"); script_set_attribute(attribute:"patch_publication_date", value:"2020/03/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-client/chromium", unaffected:make_list("ge 80.0.3987.132"), vulnerable:make_list("lt 80.0.3987.132"))) flag++; if (qpkg_check(package:"www-client/google-chrome", unaffected:make_list("ge 80.0.3987.132"), vulnerable:make_list("lt 80.0.3987.132"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Chromium / Google Chrome"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-2712.NASL description This update for chromium fixes the following issues : Chromium was updated to 79.0.3945.88:	 - CVE-2019-13767: Fixed a use after free in media picker (boo#1159498) last seen 2020-05-31 modified 2019-12-31 plugin id 132517 published 2019-12-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132517 title openSUSE Security Update : chromium (openSUSE-2019-2712) NASL family Windows NASL id GOOGLE_CHROME_79_0_3945_88.NASL description The version of Google Chrome installed on the remote Windows host is prior to 79.0.3945.88. It is, therefore, affected by a vulnerability as referenced in the 2019_12_stable-channel-update-for-desktop_17 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-03-18 modified 2019-12-17 plugin id 132097 published 2019-12-17 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132097 title Google Chrome < 79.0.3945.88 Vulnerability NASL family Fedora Local Security Checks NASL id FEDORA_2019-5FDCEFFCB9.NASL description Security fix for CVE-2019-13767. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-31 modified 2020-01-06 plugin id 132648 published 2020-01-06 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132648 title Fedora 31 : chromium (2019-5fdceffcb9) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-0005.NASL description An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Chromium is an open source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 79.0.3945.88. Security Fix(es) : * chromium-browser: Use after free in media picker (CVE-2019-13767) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-02 modified 2020-01-06 plugin id 132669 published 2020-01-06 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132669 title RHEL 6 : chromium-browser (RHSA-2020:0005) NASL family MacOS X Local Security Checks NASL id MACOSX_GOOGLE_CHROME_79_0_3945_88.NASL description The version of Google Chrome installed on the remote macOS host is prior to 79.0.3945.88. It is, therefore, affected by a vulnerability as referenced in the 2019_12_stable-channel-update-for-desktop_17 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-03-18 modified 2019-12-17 plugin id 132096 published 2019-12-17 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132096 title Google Chrome < 79.0.3945.88 Vulnerability NASL family Fedora Local Security Checks NASL id FEDORA_2020-4355EA258E.NASL description Update to 79.0.3945.117. Fixes CVE-2020-6377. ---- Security fix for CVE-2019-13767. ---- Update to Chromium 79. Fixes the usual giant pile of bugs and security issues. This time, the list is : CVE-2019-13725 CVE-2019-13726 CVE-2019-13727 CVE-2019-13728 CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734 CVE-2019-13735 CVE-2019-13764 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738 CVE-2019-13739 CVE-2019-13740 CVE-2019-13741 CVE-2019-13742 CVE-2019-13743 CVE-2019-13744 CVE-2019-13745 CVE-2019-13746 CVE-2019-13747 CVE-2019-13748 CVE-2019-13749 CVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-13754 CVE-2019-13755 CVE-2019-13756 CVE-2019-13757 CVE-2019-13758 CVE-2019-13759 CVE-2019-13761 CVE-2019-13762 CVE-2019-13763 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-31 modified 2020-01-21 plugin id 133113 published 2020-01-21 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133113 title Fedora 30 : chromium (2020-4355ea258e) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4606.NASL description Several vulnerabilities have been discovered in the chromium web browser. - CVE-2019-13725 Gengming Liu and Jianyu Chen discovered a use-after-free issue in the bluetooth implementation. - CVE-2019-13726 Sergei Glazunov discovered a buffer overflow issue. - CVE-2019-13727 @piochu discovered a policy enforcement error. - CVE-2019-13728 Rong Jian and Guang Gong discovered an out-of-bounds write error in the v8 JavaScript library. - CVE-2019-13729 Zhe Jin discovered a use-after-free issue. - CVE-2019-13730 Soyeon Park and Wen Xu discovered the use of a wrong type in the v8 JavaScript library. - CVE-2019-13732 Sergei Glazunov discovered a use-after-free issue in the WebAudio implementation. - CVE-2019-13734 Wenxiang Qian discovered an out-of-bounds write issue in the sqlite library. - CVE-2019-13735 Gengming Liu and Zhen Feng discovered an out-of-bounds write issue in the v8 JavaScript library. - CVE-2019-13736 An integer overflow issue was discovered in the pdfium library. - CVE-2019-13737 Mark Amery discovered a policy enforcement error. - CVE-2019-13738 Johnathan Norman and Daniel Clark discovered a policy enforcement error. - CVE-2019-13739 xisigr discovered a user interface error. - CVE-2019-13740 Khalil Zhani discovered a user interface error. - CVE-2019-13741 Michal Bentkowski discovered that user input could be incompletely validated. - CVE-2019-13742 Khalil Zhani discovered a user interface error. - CVE-2019-13743 Zhiyang Zeng discovered a user interface error. - CVE-2019-13744 Prakash discovered a policy enforcement error. - CVE-2019-13745 Luan Herrera discovered a policy enforcement error. - CVE-2019-13746 David Erceg discovered a policy enforcement error. - CVE-2019-13747 Ivan Popelyshev and Andre Bonatti discovered an uninitialized value. - CVE-2019-13748 David Erceg discovered a policy enforcement error. - CVE-2019-13749 Khalil Zhani discovered a user interface error. - CVE-2019-13750 Wenxiang Qian discovered insufficient validation of data in the sqlite library. - CVE-2019-13751 Wenxiang Qian discovered an uninitialized value in the sqlite library. - CVE-2019-13752 Wenxiang Qian discovered an out-of-bounds read issue in the sqlite library. - CVE-2019-13753 Wenxiang Qian discovered an out-of-bounds read issue in the sqlite library. - CVE-2019-13754 Cody Crews discovered a policy enforcement error. - CVE-2019-13755 Masato Kinugawa discovered a policy enforcement error. - CVE-2019-13756 Khalil Zhani discovered a user interface error. - CVE-2019-13757 Khalil Zhani discovered a user interface error. - CVE-2019-13758 Khalil Zhani discovered a policy enforecement error. - CVE-2019-13759 Wenxu Wu discovered a user interface error. - CVE-2019-13761 Khalil Zhani discovered a user interface error. - CVE-2019-13762 csanuragjain discovered a policy enforecement error. - CVE-2019-13763 weiwangpp93 discovered a policy enforecement error. - CVE-2019-13764 Soyeon Park and Wen Xu discovered the use of a wrong type in the v8 JavaScript library. - CVE-2019-13767 Sergei Glazunov discovered a use-after-free issue. - CVE-2020-6377 Zhe Jin discovered a use-after-free issue. - CVE-2020-6378 Antti Levomaki and Christian Jalio discovered a use-after-free issue. - CVE-2020-6379 Guang Gong discovered a use-after-free issue. - CVE-2020-6380 Sergei Glazunov discovered an error verifying extension messages. last seen 2020-03-17 modified 2020-01-21 plugin id 133109 published 2020-01-21 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133109 title Debian DSA-4606-1 : chromium - security update
Redhat
| rpms |
|
References
- https://crbug.com/1031653
- https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop_17.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00005.html
- https://seclists.org/bugtraq/2020/Jan/27
- https://www.debian.org/security/2020/dsa-4606
- http://packetstormsecurity.com/files/156563/Chrome-DesktopMediaPickerController-WebContentsDestroyed-Use-After-Free.html
- https://security.gentoo.org/glsa/202003-08
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/