CVE-2019-13726
📋 TL;DR
A buffer overflow vulnerability in Google Chrome's password manager allowed remote attackers to execute arbitrary code by tricking users into visiting a malicious HTML page. This affected all Chrome users prior to version 79.0.3945.79, potentially leading to complete system compromise.
💻 Affected Systems
- Google Chrome
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
Enterprise Linux For Scientific Computing by Redhat
Fedora by Fedoraproject
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to full system compromise, credential theft, lateral movement, and persistent backdoor installation.
Likely Case
Credential theft from password manager, session hijacking, and installation of malware on the victim's system.
If Mitigated
Limited impact with proper network segmentation, application whitelisting, and endpoint protection that blocks exploitation attempts.
🎯 Exploit Status
Exploitation requires user interaction (visiting malicious page) but no authentication. The bug report (crbug.com/1027152) contains technical details that could aid exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 79.0.3945.79
Vendor Advisory: https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html
Restart Required: Yes
Instructions:
1. Open Chrome.
2. Click menu (three dots) → Help → About Google Chrome.
3. Chrome will automatically check for and install updates.
4. Click 'Relaunch' to restart Chrome with the patched version.
🔧 Temporary Workarounds
Disable Password Manager
All platforms: Temporarily disable Chrome's password manager to remove the vulnerable component.
chrome://settings/passwords → Toggle 'Offer to save passwords' to OFF
Use Incognito Mode
All platforms: Password manager is disabled in Incognito mode, preventing exploitation.
Ctrl+Shift+N (Windows/Linux) or Cmd+Shift+N (macOS) to open Incognito window
🧯 If You Can't Patch
- Implement network filtering to block known malicious domains and restrict web browsing to trusted sites only.
- Deploy application control/whitelisting to prevent unauthorized code execution even if exploitation occurs.
🔍 How to Verify
Check if Vulnerable:
Check Chrome version: If version is less than 79.0.3945.79, the system is vulnerable.
Check Version:
On Chrome: chrome://version/ or 'google-chrome --version' in terminal (Linux/macOS)
Verify Fix Applied:
Confirm Chrome version is 79.0.3945.79 or higher after update.
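The version check above, scripted as an added example (not part of the original advisory or any vendor tooling). The function names are hypothetical, the sample strings are constructed, and the script assumes the version appears as four dot-separated numbers, as in `google-chrome --version` output.

```shell
#!/bin/sh
# Added example: compare a Chrome version with the fixed release from the advisory.
FIXED_VERSION="79.0.3945.79"

# Print the first four-part dotted version found in a string such as the
# output of `google-chrome --version`; print nothing if there is none.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n 1 || true
}

# version_lt A B: exit 0 when A < B, comparing the four fields as integers.
# A plain string comparison would rank 79.0.3945.100 below 79.0.3945.79.
version_lt() {
    vl_a=$1; vl_b=$2
    for vl_i in 1 2 3 4; do
        vl_af=${vl_a%%.*}; vl_bf=${vl_b%%.*}
        if [ "$vl_af" -lt "$vl_bf" ]; then return 0; fi
        if [ "$vl_af" -gt "$vl_bf" ]; then return 1; fi
        vl_a=${vl_a#*.}; vl_b=${vl_b#*.}
    done
    return 1  # all fields equal, so A is not older than B
}

# Exit status: 0 = fixed version or newer, 1 = vulnerable, 2 = no version found.
check_chrome_version() {
    cc_v=$(extract_version "$1")
    if [ -z "$cc_v" ]; then
        echo "UNKNOWN: no version in '$1'"; return 2
    fi
    if version_lt "$cc_v" "$FIXED_VERSION"; then
        echo "VULNERABLE: $cc_v < $FIXED_VERSION"; return 1
    fi
    echo "OK: $cc_v >= $FIXED_VERSION"
}

# Constructed sample strings in the shape `google-chrome --version` prints.
for sample in "Google Chrome 78.0.3904.108" "Google Chrome 79.0.3945.9" \
              "Google Chrome 79.0.3945.79" "Google Chrome 79.0.3945.100"; do
    check_chrome_version "$sample" || true
done
```

On a host with Chrome installed, replace the sample loop with `check_chrome_version "$(google-chrome --version)"` and act on the exit status.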
📡 Detection & Monitoring
Log Indicators:
- Chrome crash reports with memory corruption signatures
- Unusual process spawning from Chrome
- Access to password storage files outside normal patterns
Network Indicators:
- Connections to suspicious domains followed by unusual outbound traffic
- HTTP requests to pages with crafted HTML payloads
SIEM Query:
process_name:"chrome.exe" AND (event_id:1000 OR event_id:1001) AND exception_code:0xc0000005
🔗 References
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html
- https://access.redhat.com/errata/RHSA-2019:4238
- https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html
- https://crbug.com/1027152
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/
- https://seclists.org/bugtraq/2020/Jan/27
- https://security.gentoo.org/glsa/202003-08
- https://www.debian.org/security/2020/dsa-4606