Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-78a8-ezsz-hubw
Vulnerability ID VCID-78a8-ezsz-hubw
Aliases CVE-2019-5825
Summary chromium-browser: Out-of-bounds write in V8
Status Published
Exploitability 2.0
Weighted Severity 7.9
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-787 Out-of-bounds Write
System Score Found at
cvssv3.1 6.5 http://packetstormsecurity.com/files/156641/Google-Chrome-72-73-Array.map-Corruption.html
ssvc Track http://packetstormsecurity.com/files/156641/Google-Chrome-72-73-Array.map-Corruption.html
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5825.json
epss 0.73662 https://api.first.org/data/v1/epss?cve=CVE-2019-5825
epss 0.73662 https://api.first.org/data/v1/epss?cve=CVE-2019-5825
epss 0.73662 https://api.first.org/data/v1/epss?cve=CVE-2019-5825
epss 0.73662 https://api.first.org/data/v1/epss?cve=CVE-2019-5825
epss 0.73662 https://api.first.org/data/v1/epss?cve=CVE-2019-5825
epss 0.73662 https://api.first.org/data/v1/epss?cve=CVE-2019-5825
epss 0.73662 https://api.first.org/data/v1/epss?cve=CVE-2019-5825
cvssv3.1 6.5 https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html
ssvc Track https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html
cvssv3.1 6.5 https://crbug.com/941743
ssvc Track https://crbug.com/941743
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2019-5825
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-5825
Reference id Reference type URL
http://packetstormsecurity.com/files/156641/Google-Chrome-72-73-Array.map-Corruption.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5825.json
https://api.first.org/data/v1/epss?cve=CVE-2019-5825
https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html
https://crbug.com/941743
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13698
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5805
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5809
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5810
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5811
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5814
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5815
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5818
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5820
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5821
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5822
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5825
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5827
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5828
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5829
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5830
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5831
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5832
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5833
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5836
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5837
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5838
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5839
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5841
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5842
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5843
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5848
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5849
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5850
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5851
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5853
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5854
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5857
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5859
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5860
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5864
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5865
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5868
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6503
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6504
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5825
1707247 https://bugzilla.redhat.com/show_bug.cgi?id=1707247
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
CVE-2019-5825 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/48183.rb
CVE-2019-5825 https://nvd.nist.gov/vuln/detail/CVE-2019-5825
CVE-2019-5825 Exploit https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/browser/chrome_array_map.rb
RHSA-2019:1021 https://access.redhat.com/errata/RHSA-2019:1021
Data source Exploit-DB
Date added March 9, 2020
Description Google Chrome 72 and 73 - Array.map Out-of-Bounds Write (Metasploit)
Ransomware campaign use Known
Source publication date March 9, 2020
Exploit type remote
Platform multiple
Source update date March 9, 2020
Source URL https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/browser/chrome_array_map.rb
Data source Metasploit
Description This module exploits an issue in Chrome 73.0.3683.86 (64 bit). The exploit corrupts the length of a float in order to modify the backing store of a typed array. The typed array can then be used to read and write arbitrary memory. The exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload. The payload is executed within the sandboxed renderer process, so the browser must be run with the --no-sandbox option for the payload to work correctly.
Note 
Reliability:
  - repeatable-session
SideEffects:
  - ioc-in-logs
Stability:
  - crash-safe
Ransomware campaign use Unknown
Source publication date March 7, 2019
Platform OSX,Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/browser/chrome_array_map.rb
Data source KEV
Date added June 8, 2022
Description Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required action Apply updates per vendor instructions.
Due date June 22, 2022
Note 
https://nvd.nist.gov/vuln/detail/CVE-2019-5825
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at http://packetstormsecurity.com/files/156641/Google-Chrome-72-73-Array.map-Corruption.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T15:31:51Z/ Found at http://packetstormsecurity.com/files/156641/Google-Chrome-72-73-Array.map-Corruption.html
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5825.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T15:31:51Z/ Found at https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_30.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://crbug.com/941743
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T15:31:51Z/ Found at https://crbug.com/941743
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2019-5825
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-5825
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.98799
EPSS Score 0.73662
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T14:19:54.464377+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5825.json 38.0.0