Rule Category

BROWSER-CHROME -- Snort has detected suspicious traffic known to exploit vulnerabilities present in the Chrome browser. These rules are separate from the "browser-webkit" category; while it uses the Webkit rendering engine, there's a lot of other features to create a secondary Chrome category.

Alert Message

BROWSER-CHROME Google Chrome FileReader use after free attempt

Rule Explanation

This event is generated when Google Chrome's FileReader interface is targeted in a use after free attempt. Impact: Attempted User Privilege Gain Details: CVE-2019-5786 is a vulnerability in the FileReader interface of the Chrome Browser. The FileReader interface is API that allows browsers read the contents of files stored on a computer. It is in this API that a use-after-free exits that may allow an attacker the ability escape Chromes sandbox and gain the ability to perform remote code execution against a vulnerable system. This vulnerability has been exploited in the wild. Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

Additional Links

CVE Additional Information

CVE-2019-5786
Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Details
Severity Base Score6.5
Impact Score3.6 Exploit Score2.8
Confidentiality ImpactNONE Integrity ImpactNONE
Availability ImpactHIGH Attack VectorNETWORK
ScopeUNCHANGED User InteractionREQUIRED
Authentication Ease of AccessLOW
Privileges RequiredNONE