Search for vulnerabilities
Vulnerability details: VCID-a143-a6xc-aaab
Vulnerability ID VCID-a143-a6xc-aaab
Aliases CVE-2019-13767
Summary Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-787 Out-of-bounds Write
CWE-416 Use After Free
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13767.html
rhas Important https://access.redhat.com/errata/RHSA-2020:0005
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13767.json
epss 0.04751 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.06088 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.06088 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.06088 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07047 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07423 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.07423 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.10185 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.19974 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.19974 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.19974 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.19974 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.19974 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.19974 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.19974 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.19974 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
epss 0.19974 https://api.first.org/data/v1/epss?cve=CVE-2019-13767
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1784989
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13725
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13726
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13727
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13728
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13729
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13730
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13732
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13735
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13736
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13737
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13738
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13739
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13740
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13741
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13743
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13744
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13745
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13746
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13748
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13750
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13751
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13752
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13753
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13754
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13755
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13756
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13757
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13759
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13761
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13762
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13763
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13764
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13767
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6377
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6378
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6379
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6380
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2019-13767
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-13767
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2019-13767
archlinux Critical https://security.archlinux.org/AVG-1078
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00005.html
http://packetstormsecurity.com/files/156563/Chrome-DesktopMediaPickerController-WebContentsDestroyed-Use-After-Free.html
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-13767.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13767.json
https://api.first.org/data/v1/epss?cve=CVE-2019-13767
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop_17.html
https://crbug.com/1031653
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13726
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13727
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13728
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13729
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13732
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13736
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13737
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13738
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13741
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13743
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13744
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13745
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13747
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13748
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13749
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13751
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13752
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13755
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13756
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13757
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13759
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13761
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13763
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13764
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13767
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6377
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6378
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6379
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6380
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/
https://seclists.org/bugtraq/2020/Jan/27
https://security.gentoo.org/glsa/202003-08
https://www.debian.org/security/2020/dsa-4606
1784989 https://bugzilla.redhat.com/show_bug.cgi?id=1784989
AVG-1078 https://security.archlinux.org/AVG-1078
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
CVE-2019-13767 https://nvd.nist.gov/vuln/detail/CVE-2019-13767
RHSA-2020:0005 https://access.redhat.com/errata/RHSA-2020:0005
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13767.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2019-13767
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-13767
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-13767
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.92624
EPSS Score 0.04751
Published At Jan. 16, 2025, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.