Versions of puppeteer prior to 1.13.0 are vulnerable to the Use-After-Free vulnerability in Chromium (CVE-2019-5786). The Chromium FileReader API is vulnerable to Use-After-Free which may lead to Remote Code Execution.

Recommendation

Upgrade to version 1.13.0 or later.

References

blog.exodusintel.com/2019/03/20/cve-2019-5786-analysis-and-exploitation

chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html

crbug.com/936448

github.com/GoogleChrome/puppeteer

github.com/GoogleChrome/puppeteer/issues/4141

nvd.nist.gov/vuln/detail/CVE-2019-5786

snyk.io/vuln/SNYK-JS-PUPPETEER-174321

www.npmjs.com/advisories/824

redhatcve 1

ubuntucve 1

suse 1

chrome 3

nessus 8

openvas 6

attackerkb 2

kaspersky 2

malwarebytes 1

veracode 1

zdt 1

redhat 1

github 1

alpinelinux 1

metasploit 1

debiancve 1

prion 1

thn 2

osv 3

cve0day 1

myhack58 2

nvd 1

cve 1

exploitdb 1

checkpoint_advisories 1

debian 2

nodejs 1

cvelist 1

cisa_kev 1

archlinux 1

packetstorm 1

krebs 1

fireeye 1

threatpost 2

securelist 1

googleprojectzero 1

gentoo 1

fedora 2

githubexploit 2

redhatcve

CVE-2019-5786

2019-03-04 14:49:48

ubuntucve

CVE-2019-5786

2019-06-27 00:00:00

suse

Security update for chromium (important)

2019-03-08 00:00:00

chrome

Stable Channel Update for Chrome OS

2019-03-05 00:00:00

Chrome for Android Update

2019-03-01 00:00:00

Stable Channel Update for Desktop

2019-03-01 00:00:00

nessus

Google Chrome < 72.0.3626.121 Vulnerability

2019-03-06 00:00:00

RHEL 6 : chromium-browser (RHSA-2019:0481)

2019-03-12 00:00:00

openSUSE Security Update : chromium (openSUSE-2019-298)

2019-03-08 00:00:00

openvas

openSUSE: Security Advisory for chromium (openSUSE-SU-2019:0298-1)

2019-04-03 00:00:00

Google Chrome Security Updates (stable-channel-update-for-desktop-2019-03) - Mac OS X

2019-03-05 00:00:00

Debian: Security Advisory (DSA-4404-1)

2019-03-08 00:00:00

attackerkb

Google Chrome CVE-2019-5786 FileReader Use-After-Free Vulnerability

2019-06-27 00:00:00

CVE-2019-5786

2019-06-27 00:00:00

kaspersky

KLA11430 ACE vulnerability in Google Chrome

2019-03-01 00:00:00

KLA11436 Multiple vulnerabilities in Google Chrome

2019-03-12 00:00:00

malwarebytes

Google Chrome zero-day: Now is the time to update and restart your browser

2019-03-08 19:13:15

veracode

Denial Of Service (DoS)

2020-12-06 03:06:29

zdt

Chrome 72.0.3626.119 FileReader Use-After-Free Exploit

2019-05-08 00:00:00

redhat

(RHSA-2019:0481) Important: chromium-browser security update

2019-03-11 20:57:08

github

Use-After-Free in puppeteer

2020-09-02 18:25:43

alpinelinux

CVE-2019-5786

2019-06-27 17:15:13

metasploit

Chrome 72.0.3626.119 FileReader UaF exploit for Windows 7 x86

2019-05-06 09:05:00

debiancve

CVE-2019-5786

2019-06-27 17:15:13

prion

Design/Logic Flaw

2019-06-27 17:15:00

thn

New Google Chrome Zero-Day Vulnerability Found Actively Exploited in the Wild

2019-03-06 09:52:00

Microsoft Releases Patches for 64 Flaws — Two Under Active Attack

2019-03-12 18:15:00

osv

chromium - security update

2019-03-09 00:00:00

chromedriver-93.0.4577.82-1.1 on GA media

2024-06-15 00:00:00

ungoogled-chromium-113.0.5672.92-1.1 on GA media

2024-06-15 00:00:00

cve0day

Google Chrome CVE-2019-5786 Arbitrary Code Execution

2019-03-04 13:13:08

myhack58

CVE-2019-5786: chrome in the wild exploit 0day vulnerability alerts-a vulnerability alert-the black bar safety net

2019-03-06 00:00:00

By 2019, 3-month Microsoft patch day multiple vulnerabilities early warning-vulnerability warning-the black bar safety net

2019-03-17 00:00:00

nvd

CVE-2019-5786

2019-06-27 17:15:13

cve

CVE-2019-5786

2019-06-27 17:15:13

exploitdb

Google Chrome 72.0.3626.119 - 'FileReader' Use-After-Free (Metasploit)

2019-05-08 00:00:00

checkpoint_advisories

Google Chrome FileReader API Use After Free (CVE-2019-5786)

2019-03-21 00:00:00

debian

[SECURITY] [DSA 4404-1] chromium security update

2019-03-10 04:14:35

[SECURITY] [DSA 4404-1] chromium security update

2019-03-10 04:14:35

nodejs

Use-After-Free

2019-04-19 21:33:38

cvelist

CVE-2019-5786

2019-06-27 16:13:43

cisa_kev

Google Chrome Blink Use-After-Free Vulnerability

2022-05-23 00:00:00

archlinux

[ASA-201903-1] chromium: arbitrary code execution

2019-03-02 00:00:00

packetstorm

Chrome 72.0.3626.119 FileReader Use-After-Free

2019-05-08 00:00:00

krebs

Patch Tuesday, March 2019 Edition

2019-03-13 04:55:28

fireeye

Separating the Signal from the Noise: How Mandiant Intelligence Rates Vulnerabilities — Intelligence for Vulnerability Management, Part Three

2020-04-20 12:00:00

threatpost

Nation-State Attacks Drop in Latest Google Analysis

2020-03-30 20:53:22

Microsoft Patches Two Win32k Bugs Under Active Attack

2019-03-12 21:52:31

securelist

IT threat evolution Q1 2019. Statistics

2019-05-23 10:00:53

googleprojectzero

Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019

2020-07-29 00:00:00

gentoo

Chromium: Multiple vulnerabilities

2019-03-28 00:00:00

fedora

[SECURITY] Fedora 30 Update: chromium-73.0.3683.75-2.fc30

2019-03-29 19:41:48

[SECURITY] Fedora 29 Update: chromium-73.0.3683.75-2.fc29

2019-03-25 06:10:55

githubexploit

Exploit for CVE-2014-4210

2022-03-19 01:54:15

Exploit for CVE-2014-4210

2022-03-19 01:54:15

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.972

Percentile

99.9%

JSON

Related for OSV:GHSA-C2GP-86P4-5935