Allele Security Alert
ASA-2019-00646
Identifier(s)
ASA-2019-00646, CVE-2019-13720
Title
Chromium WebAudio Use-After-Free Vulnerability
Vendor(s)
GitHub Inc
Product(s)
Electron
Affected version(s)
Electron versions before 6.1.4
Fixed version(s)
Electron version 6.1.4
Proof of concept
Yes
Description
A vulnerability has been discovered in Chrome which affects all software based on Chromium, including Electron.
Use-after-free in WebAudio in Google Chrome allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Technical details
Unknown
Credits
Anton Ivanov and Alexey Kulaev (Kaspersky Labs)
Reference(s)
Chromium WebAudio Vulnerability Fix (CVE-2019-13720) | Electron Blog
https://electronjs.org/blog/cve-2019-13720
Stable Channel Update for Desktop
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html
CVE-2019-13720 - Red Hat Customer Portal
https://access.redhat.com/security/cve/CVE-2019-13720
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13720.html
CVE-2019-13720
https://security-tracker.debian.org/tracker/CVE-2019-13720
CVE-2019-13720 | SUSE
https://www.suse.com/security/cve/CVE-2019-13720
CVE-2019-13720
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13720
CVE-2019-13720
https://nvd.nist.gov/vuln/detail/CVE-2019-13720
Last modified: December 9, 2019