CVE-2019-5831
First published: Thu Jun 27 2019(Updated: )
Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Credit: cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/chromium | 90.0.4430.212-1~deb10u1 116.0.5845.180-1~deb11u1 120.0.6099.129-1~deb11u1 119.0.6045.199-1~deb12u1 120.0.6099.129-1~deb12u1 120.0.6099.129-1 | |
| Google Chrome | <75.0.3770.80 | |
| SUSE Backports | =sle-15 | |
| openSUSE | =15.0 | |
| openSUSE | =15.1 | |
| openSUSE | =42.3 | |
| Debian GNU/Linux | =10.0 | |
| Fedoraproject Fedora | =29 | |
| Fedoraproject Fedora | =30 |
Remedy
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security-tracker.debian.org/tracker/CVE-2019-5831
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
- https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
- https://crbug.com/950328
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
- https://seclists.org/bugtraq/2019/Aug/19
- https://security.gentoo.org/glsa/201908-18
- https://www.debian.org/security/2019/dsa-4500
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0791
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/
Frequently Asked Questions
What is the severity of CVE-2019-5831?
The severity of CVE-2019-5831 is high.
What is the affected software for CVE-2019-5831?
The affected software for CVE-2019-5831 includes Google Chrome prior to version 75.0.3770.80, OpenSUSE Backports, openSUSE Leap 15.0, openSUSE Leap 15.1, openSUSE Leap 42.3, Debian Linux 10.0, Fedora 29, Fedora 30, and chromium package from the Debian source.
How can a remote attacker exploit CVE-2019-5831?
A remote attacker can potentially exploit CVE-2019-5831 by leveraging an object lifecycle issue in V8 in Google Chrome to execute heap corruption via a crafted HTML page.
What is the remedy for CVE-2019-5831?
The recommended remedy for CVE-2019-5831 is to upgrade to Google Chrome version 75.0.3770.80 or later, or apply the appropriate security patches for the affected software versions.
Where can I get more information about CVE-2019-5831?
You can find more information about CVE-2019-5831 at the following references: [Debian Security Tracker](https://security-tracker.debian.org/tracker/CVE-2019-5831), [OpenSUSE Security Announce](http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html), [Chrome Releases Blog](https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html).
- collector/security-tracker-debian
- agent/type
- agent/remedy
- agent/weakness
- agent/author
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/description
- agent/event
- agent/first-publish-date
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/debian
- vendor/google
- canonical/google chrome
- vendor/opensuse
- canonical/suse backports
- version/suse backports/sle-15
- canonical/opensuse
- version/opensuse/15.0
- version/opensuse/15.1
- version/opensuse/42.3
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/10.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/29
- version/fedoraproject fedora/30