OVAL Definition Details: oval:org.cisecurity:def:6797

CVE: CVE-2019-5869

Id: CVE-2019-5869

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5869

Comment : Use after free in Blink in Google Chrome prior to 76.0.3809.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	PARTIAL
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	NONE
Availability impact:	PARTIAL

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSSv3 Score: 6.5

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	NONE
Availability impact:	HIGH

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE: 416 (Use After Free)

References:

CVE: CVE-2019-5870

Id: CVE-2019-5870

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5870

Comment : Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVSSv2 Score: 6.8

Access vector:	PARTIAL
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	PARTIAL
Availability impact:	PARTIAL

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3 Score: 9.6

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	CHANGED
Confidentiality impact:	HIGH
Integrity impact:	HIGH
Availability impact:	HIGH

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE: 416 (Use After Free)

References:

CVE: CVE-2019-5871

Id: CVE-2019-5871

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5871

Comment : Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSSv2 Score: 6.8

Access vector:	PARTIAL
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	PARTIAL
Availability impact:	PARTIAL

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3 Score: 8.8

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	HIGH
Integrity impact:	HIGH
Availability impact:	HIGH

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: 787 (Out-of-bounds Write)

References:

CVE: CVE-2019-5872

Id: CVE-2019-5872

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5872

Comment : Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	PARTIAL
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	NONE
Availability impact:	PARTIAL

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSSv3 Score: 6.5

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	NONE
Availability impact:	HIGH

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE: 416 (Use After Free)

References:

CVE: CVE-2019-5874

Id: CVE-2019-5874

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5874

Comment : Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

CVSSv2 Score: 6.8

Access vector:	PARTIAL
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	PARTIAL
Availability impact:	PARTIAL

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3 Score: 8.8

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	HIGH
Integrity impact:	HIGH
Availability impact:	HIGH

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: 20 (Improper Input Validation)

References:

CVE: CVE-2019-5875

Id: CVE-2019-5875

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5875

Comment : Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	PARTIAL
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3 Score: 4.3

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	LOW
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE: 20 (Improper Input Validation)

References:

CVE: CVE-2019-5876

Id: CVE-2019-5876

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5876

Comment : Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSSv2 Score: 6.8

Access vector:	PARTIAL
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	PARTIAL
Availability impact:	PARTIAL

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3 Score: 8.8

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	HIGH
Integrity impact:	HIGH
Availability impact:	HIGH

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: 416 (Use After Free)

References:

CVE: CVE-2019-5877

CVE: CVE-2019-5878

Id: CVE-2019-5878

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5878

Comment : Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSSv2 Score: 6.8

Access vector:	PARTIAL
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	PARTIAL
Availability impact:	PARTIAL

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3 Score: 8.8

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	HIGH
Integrity impact:	HIGH
Availability impact:	HIGH

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: 416 (Use After Free)

References:

CVE: CVE-2019-5879

Id: CVE-2019-5879

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5879

Comment : Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	NONE
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSSv3 Score: 6.5

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	HIGH
Integrity impact:	NONE
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE: 20 (Improper Input Validation)

References:

CVE: CVE-2019-5880

Id: CVE-2019-5880

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5880

Comment : Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	NONE
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSSv3 Score: 7.4

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	CHANGED
Confidentiality impact:	HIGH
Integrity impact:	NONE
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

CWE: 200 (Information Exposure)

References:

CVE: CVE-2019-13659

Id: CVE-2019-13659

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13659

Comment : IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	PARTIAL
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3 Score: 4.3

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	LOW
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE: 732 (Incorrect Permission Assignment for Critical Resource)

References:

CVE: CVE-2019-13660

Id: CVE-2019-13660

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13660

Comment : UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	PARTIAL
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3 Score: 5.3

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	NONE
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	LOW
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE: 20 (Improper Input Validation)

References:

CVE: CVE-2019-13661

Id: CVE-2019-13661

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13661

Comment : UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	PARTIAL
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3 Score: 4.3

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	LOW
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE: 20 (Improper Input Validation)

References:

CVE: CVE-2019-13662

Id: CVE-2019-13662

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13662

Comment : Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	PARTIAL
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3 Score: 6.5

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	HIGH
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE: 732 (Incorrect Permission Assignment for Critical Resource)

References:

CVE: CVE-2019-13663

Id: CVE-2019-13663

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13663

Comment : IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	PARTIAL
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3 Score: 4.3

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	LOW
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE: 20 (Improper Input Validation)

References:

CVE: CVE-2019-13664

Id: CVE-2019-13664

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13664

Comment : Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	PARTIAL
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3 Score: 6.5

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	HIGH
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE: 732 (Incorrect Permission Assignment for Critical Resource)

References:

CVE: CVE-2019-13665

Id: CVE-2019-13665

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13665

Comment : Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	PARTIAL
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3 Score: 6.5

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	HIGH
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE: 732 (Incorrect Permission Assignment for Critical Resource)

References:

CVE: CVE-2019-13666

Id: CVE-2019-13666

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13666

Comment : Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	NONE
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSSv3 Score: 7.4

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	CHANGED
Confidentiality impact:	HIGH
Integrity impact:	NONE
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

CWE: 200 (Information Exposure)

References:

CVE: CVE-2019-13667

Id: CVE-2019-13667

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13667

Comment : Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	PARTIAL
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3 Score: 4.3

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	LOW
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE: 20 (Improper Input Validation)

References:

CVE: CVE-2019-13668

Id: CVE-2019-13668

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13668

Comment : Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	NONE
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSSv3 Score: 7.4

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	CHANGED
Confidentiality impact:	HIGH
Integrity impact:	NONE
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

CWE: 732 (Incorrect Permission Assignment for Critical Resource)

References:

CVE: CVE-2019-13669

Id: CVE-2019-13669

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13669

Comment : Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	PARTIAL
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3 Score: 4.3

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	LOW
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE: 20 (Improper Input Validation)

References:

CVE: CVE-2019-13670

Id: CVE-2019-13670

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13670

Comment : Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	PARTIAL
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	NONE
Availability impact:	PARTIAL

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSSv3 Score: 6.5

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	NONE
Availability impact:	HIGH

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE: 20 (Improper Input Validation)

References:

CVE: CVE-2019-13671

Id: CVE-2019-13671

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13671

Comment : UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof security UI via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	PARTIAL
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3 Score: 4.3

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	LOW
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE: 20 (Improper Input Validation)

References:

CVE: CVE-2019-13673

Id: CVE-2019-13673

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13673

Comment : Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	NONE
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSSv3 Score: 7.4

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	CHANGED
Confidentiality impact:	HIGH
Integrity impact:	NONE
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

CWE: 20 (Improper Input Validation)

References:

CVE: CVE-2019-13674

Id: CVE-2019-13674

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13674

Comment : IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	PARTIAL
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3 Score: 4.3

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	LOW
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE: 20 (Improper Input Validation)

References:

CVE: CVE-2019-13675

Id: CVE-2019-13675

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13675

Comment : Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	PARTIAL
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3 Score: 4.3

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	LOW
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE: 20 (Improper Input Validation)

References:

CVE: CVE-2019-13676

Id: CVE-2019-13676

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13676

Comment : Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	PARTIAL
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3 Score: 4.3

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	LOW
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE: 732 (Incorrect Permission Assignment for Critical Resource)

References:

CVE: CVE-2019-13677

Id: CVE-2019-13677

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13677

Comment : Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	NONE
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSSv3 Score: 6.5

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	HIGH
Integrity impact:	NONE
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE: 732 (Incorrect Permission Assignment for Critical Resource)

References:

CVE: CVE-2019-13678

Id: CVE-2019-13678

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13678

Comment : Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	PARTIAL
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3 Score: 6.5

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	HIGH
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE: 20 (Improper Input Validation)

References:

CVE: CVE-2019-13679

CVE: CVE-2019-13680

Id: CVE-2019-13680

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13680

Comment : Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections.

CVSSv2 Score: 5

Access vector:	NONE
Access complexity:	LOW
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	PARTIAL
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3 Score: 5.3

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	NONE
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	LOW
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE: 269 (Improper Privilege Management)

References:

CVE: CVE-2019-13681

Id: CVE-2019-13681

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13681

Comment : Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	PARTIAL
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3 Score: 4.3

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	LOW
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE: 732 (Incorrect Permission Assignment for Critical Resource)

References:

CVE: CVE-2019-13682

Id: CVE-2019-13682

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13682

Comment : Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

CVSSv2 Score: 6.8

Access vector:	PARTIAL
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	PARTIAL
Availability impact:	PARTIAL

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3 Score: 8.8

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	HIGH
Integrity impact:	HIGH
Availability impact:	HIGH

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: 732 (Incorrect Permission Assignment for Critical Resource)

References:

CVE: CVE-2019-13683

Id: CVE-2019-13683

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13683

Comment : Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	NONE
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSSv3 Score: 6.5

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	HIGH
Integrity impact:	NONE
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE: 732 (Incorrect Permission Assignment for Critical Resource)

References:

CVE: CVE-2019-13685

Id: CVE-2019-13685

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13685

Comment : Use after free in sharing view in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSSv2 Score: 6.8

Access vector:	PARTIAL
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	PARTIAL
Availability impact:	PARTIAL

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3 Score: 8.8

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	HIGH
Integrity impact:	HIGH
Availability impact:	HIGH

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: 416 (Use After Free)

References:

CVE: CVE-2019-13686

Id: CVE-2019-13686

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13686

Comment : Use after free in offline mode in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSSv2 Score: 6.8

Access vector:	PARTIAL
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	PARTIAL
Availability impact:	PARTIAL

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3 Score: 8.8

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	HIGH
Integrity impact:	HIGH
Availability impact:	HIGH

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: 416 (Use After Free)

References:

CVE: CVE-2019-13687

Id: CVE-2019-13687

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13687

Comment : Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSSv2 Score: 6.8

Access vector:	PARTIAL
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	PARTIAL
Availability impact:	PARTIAL

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3 Score: 8.8

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	HIGH
Integrity impact:	HIGH
Availability impact:	HIGH

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: 416 (Use After Free)

References:

CVE: CVE-2019-13688

Id: CVE-2019-13688

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13688

Comment : Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSSv2 Score: 6.8

Access vector:	PARTIAL
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	PARTIAL
Availability impact:	PARTIAL

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3 Score: 8.8

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	HIGH
Integrity impact:	HIGH
Availability impact:	HIGH

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: 416 (Use After Free)

References:

CVE: CVE-2019-13691

Id: CVE-2019-13691

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13691

Comment : Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	PARTIAL
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3 Score: 4.3

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	LOW
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE: 20 (Improper Input Validation)

References:

CVE: CVE-2019-13692

Id: CVE-2019-13692

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13692

Comment : Insufficient policy enforcement in reader mode in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.

CVSSv2 Score: 6.8

Access vector:	PARTIAL
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	PARTIAL
Availability impact:	PARTIAL

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3 Score: 8.8

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	HIGH
Integrity impact:	HIGH
Availability impact:	HIGH

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: 20 (Improper Input Validation)

References:

CVE: CVE-2019-13693

Id: CVE-2019-13693

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13693

Comment : Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.

CVSSv2 Score: 6.8

Access vector:	PARTIAL
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	PARTIAL
Availability impact:	PARTIAL

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3 Score: 8.8

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	HIGH
Integrity impact:	HIGH
Availability impact:	HIGH

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: 416 (Use After Free)

References:

CVE: CVE-2019-13694

Id: CVE-2019-13694

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13694

Comment : Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSSv2 Score: 6.8

Access vector:	PARTIAL
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	PARTIAL
Availability impact:	PARTIAL

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3 Score: 8.8

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	HIGH
Integrity impact:	HIGH
Availability impact:	HIGH

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: 416 (Use After Free)

References:

CVE: CVE-2019-13695

Id: CVE-2019-13695

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13695

Comment : Use after free in audio in Google Chrome on Android prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSSv2 Score: 6.8

Access vector:	PARTIAL
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	PARTIAL
Availability impact:	PARTIAL

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3 Score: 8.8

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	HIGH
Integrity impact:	HIGH
Availability impact:	HIGH

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: 416 (Use After Free)

References:

CVE: CVE-2019-13696

Id: CVE-2019-13696

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13696

Comment : Use after free in JavaScript in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSSv2 Score: 6.8

Access vector:	PARTIAL
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	PARTIAL
Availability impact:	PARTIAL

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3 Score: 8.8

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	HIGH
Integrity impact:	HIGH
Availability impact:	HIGH

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: 416 (Use After Free)

References:

CVE: CVE-2019-13697

Id: CVE-2019-13697

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13697

Comment : Insufficient policy enforcement in performance APIs in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	NONE
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSSv3 Score: 6.5

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	HIGH
Integrity impact:	NONE
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE: 732 (Incorrect Permission Assignment for Critical Resource)

References:

CVE: CVE-2019-13699

Id: CVE-2019-13699

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13699

Comment : Use after free in media in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

CVSSv2 Score: 6.8

Access vector:	PARTIAL
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	PARTIAL
Availability impact:	PARTIAL

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3 Score: 8.8

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	HIGH
Integrity impact:	HIGH
Availability impact:	HIGH

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: 416 (Use After Free)

References:

CVE: CVE-2019-13700

CVE: CVE-2019-13701

CVE: CVE-2019-13702

Id: CVE-2019-13702

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13702

Comment : Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable.

CVSSv2 Score: 6.8

Access vector:	PARTIAL
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	PARTIAL
Availability impact:	PARTIAL

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3 Score: 7.8

Attack vector:	LOCAL
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	HIGH
Integrity impact:	HIGH
Availability impact:	HIGH

CVSSv3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: 269 (Improper Privilege Management)

References:

CVE: CVE-2019-13703

Id: CVE-2019-13703

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13703

Comment : Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	PARTIAL
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3 Score: 4.3

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	LOW
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE: 290 (Authentication Bypass by Spoofing)

References:

CVE: CVE-2019-13704

CVE: CVE-2019-13705

Id: CVE-2019-13705

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13705

Comment : Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	NONE
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSSv3 Score: 4.3

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	LOW
Integrity impact:	NONE
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE: 200 (Information Exposure)

References:

CVE: CVE-2019-13706

Id: CVE-2019-13706

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13706

Comment : Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

CVSSv2 Score: 6.8

Access vector:	PARTIAL
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	PARTIAL
Availability impact:	PARTIAL

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3 Score: 7.8

Attack vector:	LOCAL
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	HIGH
Integrity impact:	HIGH
Availability impact:	HIGH

CVSSv3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: 125 (Out-of-bounds Read)

References:

CVE: CVE-2019-13707

Id: CVE-2019-13707

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13707

Comment : Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	NONE
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSSv3 Score: 5.5

Attack vector:	LOCAL
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	HIGH
Integrity impact:	NONE
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE: 200 (Information Exposure)

References:

CVE: CVE-2019-13708

CVE: CVE-2019-13709

CVE: CVE-2019-13710

Id: CVE-2019-13710

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13710

Comment : Insufficient validation of untrusted input in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	PARTIAL
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3 Score: 4.3

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	LOW
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE: 20 (Improper Input Validation)

References:

CVE: CVE-2019-13711

Id: CVE-2019-13711

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13711

Comment : Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSSv2 Score: 5

Access vector:	NONE
Access complexity:	LOW
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	NONE
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSSv3 Score: 5.3

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	NONE
Scope:	UNCHANGED
Confidentiality impact:	LOW
Integrity impact:	NONE
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE: 200 (Information Exposure)

References:

CVE: CVE-2019-13713

Id: CVE-2019-13713

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13713

Comment : Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	NONE
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSSv3 Score: 6.5

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	HIGH
Integrity impact:	NONE
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE: 200 (Information Exposure)

References:

CVE: CVE-2019-13714

CVE: CVE-2019-13715

Id: CVE-2019-13715

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13715

Comment : Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	PARTIAL
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3 Score: 4.3

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	LOW
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE: 290 (Authentication Bypass by Spoofing)

References:

CVE: CVE-2019-13716

Id: CVE-2019-13716

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13716

Comment : Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	PARTIAL
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3 Score: 4.3

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	LOW
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE: 863 (Incorrect Authorization)

References:

CVE: CVE-2019-13717

Id: CVE-2019-13717

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13717

Comment : Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	PARTIAL
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3 Score: 4.3

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	LOW
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE: 922 ()

References:

CVE: CVE-2019-13718

Id: CVE-2019-13718

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13718

Comment : Insufficient data validation in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	PARTIAL
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3 Score: 4.3

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	LOW
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE: 20 (Improper Input Validation)

References:

CVE: CVE-2019-13719

Id: CVE-2019-13719

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13719

Comment : Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.

CVSSv2 Score: 4.3

Access vector:	NONE
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	PARTIAL
Availability impact:	NONE

CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3 Score: 4.3

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	NONE
Integrity impact:	LOW
Availability impact:	NONE

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE: 922 ()

References:

CVE: CVE-2019-13720

Id: CVE-2019-13720

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13720

Comment : Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSSv2 Score: 6.8

Access vector:	PARTIAL
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	PARTIAL
Availability impact:	PARTIAL

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3 Score: 8.8

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	HIGH
Integrity impact:	HIGH
Availability impact:	HIGH

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: 416 (Use After Free)

References:

CVE: CVE-2019-13721

Id: CVE-2019-13721

Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13721

Comment : Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSSv2 Score: 6.8

Access vector:	PARTIAL
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	PARTIAL
Availability impact:	PARTIAL

CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3 Score: 8.8

Attack vector:	NETWORK
Attack complexity:	LOW
Privileges required:	NONE
User interaction:	REQUIRED
Scope:	UNCHANGED
Confidentiality impact:	HIGH
Integrity impact:	HIGH
Availability impact:	HIGH

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: 416 (Use After Free)

References:


	2008-2020, © AO ALTEX-SOFT , ovaldb@altx-soft.com OVAL and the OVAL logo are registered trademarks of The MITRE Corporation. Other names may be trademarks of their respective owners.

Professional OVAL Repository