{"containers": {"cna": {"affected": [{"product": "Chrome", "vendor": "Google", "versions": [{"status": "affected", "version": "prior to 73.0.3683.75"}]}], "descriptions": [{"lang": "en", "value": "An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page."}], "problemTypes": [{"descriptions": [{"description": "Heap buffer overflow", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-28T17:06:06", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"}, {"tags": ["x_refsource_MISC"], "url": "https://crbug.com/914736"}, {"name": "openSUSE-SU-2019:1666", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2019-5790", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Chrome", "version": {"version_data": [{"version_value": "prior to 73.0.3683.75"}]}}]}, "vendor_name": "Google"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Heap buffer overflow"}]}]}, "references": {"reference_data": [{"name": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html", "refsource": "MISC", "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"}, {"name": "https://crbug.com/914736", "refsource": "MISC", "url": "https://crbug.com/914736"}, {"name": "openSUSE-SU-2019:1666", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:01:52.195Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://crbug.com/914736"}, {"name": "openSUSE-SU-2019:1666", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2019-5790", "datePublished": "2019-05-23T19:12:38", "dateReserved": "2019-01-09T00:00:00", "dateUpdated": "2024-08-04T20:01:52.195Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA174888-9FEB-4029-8E0D-D6CFCF1A74F6", "versionEndExcluding": "73.0.3683.75", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*", "matchCriteriaId": "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page."}, {"lang": "es", "value": "Un desbordamiento de enteros que provoca una capacidad incorrecta de un b\u00fafer en JavaScript en Google Chrome antes de la versi\u00f3n 73.0.3683.75, permiti\u00f3 que un atacante remoto ejecutara c\u00f3digo arbitrario dentro de un sandbox por medio de una p\u00e1gina HTML creada."}], "id": "CVE-2019-5790", "lastModified": "2023-11-07T03:12:13.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-23T20:29:00.700", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://crbug.com/914736"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2019:0708", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "chromium-browser-0:73.0.3683.75-1.el6_10", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2019-04-08T00:00:00Z"}], "bugzilla": {"description": "chromium-browser: Heap buffer overflow in V8", "id": "1688192", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1688192"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "details": ["An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page."], "name": "CVE-2019-5790", "public_date": "2019-03-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-5790\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5790\nhttps://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"], "threat_severity": "Important", "upstream_fix": "chromium-browser 73.0.3683.75"}