CVE-2019-5785 : What You Need to Know

Google Chrome prior to version 72.0.3626.81 is affected by a vulnerability due to incorrect convexity calculations in the Skia library. This flaw could allow a remote attacker to exploit an out of bounds memory write through a specially crafted HTML page.

Understanding CVE-2019-5785

This CVE identifies an out of bounds write vulnerability in Google Chrome.

What is CVE-2019-5785?

Prior to version 72.0.3626.81 of Google Chrome, incorrect convexity calculations in the Skia library resulted in a vulnerability where a remote attacker could exploit an out of bounds memory write by utilizing a carefully crafted HTML page.

The Impact of CVE-2019-5785

The vulnerability could be exploited by a remote attacker to perform an out of bounds memory write, potentially leading to arbitrary code execution or system compromise.

Technical Details of CVE-2019-5785

Google Chrome vulnerability details.

Vulnerability Description

The vulnerability in Google Chrome prior to version 72.0.3626.81 allows a remote attacker to perform an out of bounds memory write through a crafted HTML page.

Affected Systems and Versions

Product: Chrome
Vendor: Google
Versions Affected: < 72.0.3626.81

Exploitation Mechanism

The vulnerability can be exploited by a remote attacker through a carefully crafted HTML page to trigger an out of bounds memory write.

Mitigation and Prevention

Protecting systems from CVE-2019-5785.

Immediate Steps to Take

Update Google Chrome to version 72.0.3626.81 or later.
Avoid clicking on suspicious links or visiting untrusted websites.
Implement security best practices for web browsing.

Long-Term Security Practices

Regularly update software and applications to the latest versions.
Employ security tools like antivirus and firewalls to detect and prevent malicious activities.
Educate users on safe browsing habits and the importance of software updates.

Patching and Updates

Google has released a patch in version 72.0.3626.81 to address this vulnerability.