The vulnerability exists in the AppCache subsystem in Chrome versions 69.0 and earlier. This code runs in the privileged browser process, outside of the sandbox. The renderer interacts with this subsystem by sending IPC messages to the browser process. These messages can cause the browser to make network requests, which are also attacker-controlled and influence the behavior of the code.
The vendor has fixed the issue in Google Chrome version 70.
Independent security researchers Ned Williamson and Niklas Baumstark reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
Affected versions: Google Chrome versions 69.0 and earlier.