VIR Vulnerability Intelligence Relay

CVE-2019-5785

high
Published — · Modified —
CVSS v3
CVSS v2
VIR risk
8.0

Description

Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2019-5785

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2019-5785.html

vendor Authored 2026-05-27

Vendor advisory: arch — https://security.archlinux.org/ASA-201902-16

vendor Authored 2026-05-27

Vendor advisory: arch — https://security.archlinux.org/ASA-201902-23

OS impact
OSVersionStatusFixed in
arch archfixed60.5.1-1
suse slesaffected
debian debiansidfixed65.0.1-1
debian debianbookwormfixed60.5.1esr-1
debian debianbullseyefixed60.5.1esr-1
debian debianforkyfixed60.5.1esr-1
debian debiantrixiefixed60.5.1esr-1

References

Verify integrity in audit chain (admin only). AS-IS.