Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux SE 1.5
Astra Linux SE 1.6
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:ru.altx-soft.nix:def:120721
[Eng]
Version
11
Class
patch
ALTXid
307134
Language
Russian
Severity
Critical
Title
Обновление openSUSE-SU-2019:2447-1 -- обновление безопасности для chromium
Description
This update for chromium fixes the security issues.
Family
unix
Platform
SUSE Package Hub 12
Product
chromium
Reference
VENDOR: openSUSE-SU-2019:2447-1
VENDOR: openSUSE-SU-2019:2447-1
Id:
openSUSE-SU-2019:2447-1
Reference:
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html
CVE: CVE-2019-13659
CVE: CVE-2019-13659
Id:
CVE-2019-13659
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13659
Comment
: IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
https://crbug.com/868846 ()
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
CVE: CVE-2019-13660
CVE: CVE-2019-13660
Id:
CVE-2019-13660
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13660
Comment
: UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
5.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/882363 ()
CVE: CVE-2019-13661
CVE: CVE-2019-13661
Id:
CVE-2019-13661
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13661
Comment
: UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/882812 ()
CVE: CVE-2019-13662
CVE: CVE-2019-13662
Id:
CVE-2019-13662
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13662
Comment
: Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
HIGH
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CWE:
276 (Incorrect Default Permissions)
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/967780 ()
CVE: CVE-2019-13663
CVE: CVE-2019-13663
Id:
CVE-2019-13663
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13663
Comment
: IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/863661 ()
CVE: CVE-2019-13664
CVE: CVE-2019-13664
Id:
CVE-2019-13664
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13664
Comment
: Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
HIGH
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CWE:
346 (Origin Validation Error)
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/915538 ()
CVE: CVE-2019-13665
CVE: CVE-2019-13665
Id:
CVE-2019-13665
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13665
Comment
: Insufficient filtering in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass multiple file download protection via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
HIGH
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CWE:
732 (Incorrect Permission Assignment for Critical Resource)
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/959640 ()
CVE: CVE-2019-13666
CVE: CVE-2019-13666
Id:
CVE-2019-13666
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13666
Comment
: Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
7.4
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CWE:
203 (Information Exposure Through Discrepancy)
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/960305 ()
CVE: CVE-2019-13667
CVE: CVE-2019-13667
Id:
CVE-2019-13667
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13667
Comment
: Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/973056 ()
CVE: CVE-2019-13668
CVE: CVE-2019-13668
Id:
CVE-2019-13668
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13668
Comment
: Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
7.4
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CWE:
281 (Improper Preservation of Permissions)
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/986393 ()
CVE: CVE-2019-13669
CVE: CVE-2019-13669
Id:
CVE-2019-13669
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13669
Comment
: Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/968451 ()
CVE: CVE-2019-13670
CVE: CVE-2019-13670
Id:
CVE-2019-13670
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13670
Comment
: Insufficient data validation in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/980891 ()
CVE: CVE-2019-13671
CVE: CVE-2019-13671
Id:
CVE-2019-13671
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13671
Comment
: UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof security UI via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/696454 ()
CVE: CVE-2019-13673
CVE: CVE-2019-13673
Id:
CVE-2019-13673
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13673
Comment
: Insufficient data validation in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
7.4
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CWE:
862 (Missing Authorization)
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/997925 ()
CVE: CVE-2019-13674
CVE: CVE-2019-13674
Id:
CVE-2019-13674
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13674
Comment
: IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/896533 ()
CVE: CVE-2019-13675
CVE: CVE-2019-13675
Id:
CVE-2019-13675
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13675
Comment
: Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE:
20 (Improper Input Validation)
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/929578 ()
CVE: CVE-2019-13676
CVE: CVE-2019-13676
Id:
CVE-2019-13676
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13676
Comment
: Insufficient policy enforcement in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE:
732 (Incorrect Permission Assignment for Critical Resource)
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/875178 ()
CVE: CVE-2019-13677
CVE: CVE-2019-13677
Id:
CVE-2019-13677
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13677
Comment
: Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
732 (Incorrect Permission Assignment for Critical Resource)
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/939108 ()
CVE: CVE-2019-13678
CVE: CVE-2019-13678
Id:
CVE-2019-13678
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13678
Comment
: Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
HIGH
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/946633 ()
CVE: CVE-2019-13679
CVE: CVE-2019-13679
Id:
CVE-2019-13679
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13679
Comment
: Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
3.3
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
LOW
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CWE:
732 (Incorrect Permission Assignment for Critical Resource)
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/968914 ()
CVE: CVE-2019-13680
CVE: CVE-2019-13680
Id:
CVE-2019-13680
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13680
Comment
: Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSSv3 Score:
5.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/969684 ()
CVE: CVE-2019-13681
CVE: CVE-2019-13681
Id:
CVE-2019-13681
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13681
Comment
: Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE:
732 (Incorrect Permission Assignment for Critical Resource)
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/970378 ()
CVE: CVE-2019-13682
CVE: CVE-2019-13682
Id:
CVE-2019-13682
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13682
Comment
: Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
281 (Improper Preservation of Permissions)
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/971917 ()
CVE: CVE-2019-13683
CVE: CVE-2019-13683
Id:
CVE-2019-13683
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13683
Comment
: Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
755 (Improper Handling of Exceptional Conditions)
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/987502 ()
CVE: CVE-2019-13685
CVE: CVE-2019-13685
Id:
CVE-2019-13685
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13685
Comment
: Use after free in sharing view in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://crbug.com/1000934 ()
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html ()
CVE: CVE-2019-13686
CVE: CVE-2019-13686
Id:
CVE-2019-13686
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13686
Comment
: Use after free in offline mode in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html ()
https://crbug.com/1000002 ()
CVE: CVE-2019-13687
CVE: CVE-2019-13687
Id:
CVE-2019-13687
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13687
Comment
: Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html ()
https://crbug.com/998548 ()
CVE: CVE-2019-13688
CVE: CVE-2019-13688
Id:
CVE-2019-13688
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13688
Comment
: Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html ()
https://crbug.com/995964 ()
CVE: CVE-2019-13693
CVE: CVE-2019-13693
Id:
CVE-2019-13693
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13693
Comment
: Use after free in IndexedDB in Google Chrome prior to 77.0.3865.120 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://crbug.com/1005753 ()
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html ()
CVE: CVE-2019-13694
CVE: CVE-2019-13694
Id:
CVE-2019-13694
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13694
Comment
: Use after free in WebRTC in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html ()
https://crbug.com/1005251 ()
CVE: CVE-2019-13695
CVE: CVE-2019-13695
Id:
CVE-2019-13695
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13695
Comment
: Use after free in audio in Google Chrome on Android prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html ()
https://crbug.com/1004730 ()
CVE: CVE-2019-13696
CVE: CVE-2019-13696
Id:
CVE-2019-13696
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13696
Comment
: Use after free in JavaScript in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html ()
https://crbug.com/1000635 ()
CVE: CVE-2019-13697
CVE: CVE-2019-13697
Id:
CVE-2019-13697
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13697
Comment
: Insufficient policy enforcement in performance APIs in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
209 (Information Exposure Through an Error Message)
References:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html ()
https://crbug.com/990849 ()
CVE: CVE-2019-13699
CVE: CVE-2019-13699
Id:
CVE-2019-13699
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13699
Comment
: Use after free in media in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://crbug.com/1001503 ()
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html ()
openSUSE-SU-2020:0010 ()
CVE: CVE-2019-13700
CVE: CVE-2019-13700
Id:
CVE-2019-13700
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13700
Comment
: Out of bounds memory access in the gamepad API in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html ()
https://crbug.com/998431 ()
openSUSE-SU-2020:0010 ()
CVE: CVE-2019-13701
CVE: CVE-2019-13701
Id:
CVE-2019-13701
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13701
Comment
: Incorrect implementation in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE:
290 (Authentication Bypass by Spoofing)
References:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html ()
https://crbug.com/998284 ()
openSUSE-SU-2020:0010 ()
CVE: CVE-2019-13702
CVE: CVE-2019-13702
Id:
CVE-2019-13702
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13702
Comment
: Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
269 (Improper Privilege Management)
References:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html ()
https://crbug.com/991125 ()
openSUSE-SU-2020:0010 ()
CVE: CVE-2019-13703
CVE: CVE-2019-13703
Id:
CVE-2019-13703
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13703
Comment
: Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE:
290 (Authentication Bypass by Spoofing)
References:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html ()
https://crbug.com/992838 ()
openSUSE-SU-2020:0010 ()
CVE: CVE-2019-13704
CVE: CVE-2019-13704
Id:
CVE-2019-13704
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13704
Comment
: Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE:
290 (Authentication Bypass by Spoofing)
References:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html ()
https://crbug.com/1001283 ()
openSUSE-SU-2020:0010 ()
CVE: CVE-2019-13705
CVE: CVE-2019-13705
Id:
CVE-2019-13705
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13705
Comment
: Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
LOW
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CWE:
269 (Improper Privilege Management)
References:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html ()
https://crbug.com/989078 ()
openSUSE-SU-2020:0010 ()
CVE: CVE-2019-13706
CVE: CVE-2019-13706
Id:
CVE-2019-13706
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13706
Comment
: Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html ()
https://crbug.com/1001159 ()
openSUSE-SU-2020:0010 ()
CVE: CVE-2019-13707
CVE: CVE-2019-13707
Id:
CVE-2019-13707
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13707
Comment
: Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
20 (Improper Input Validation)
References:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html ()
https://crbug.com/859349 ()
openSUSE-SU-2020:0010 ()
CVE: CVE-2019-13708
CVE: CVE-2019-13708
Id:
CVE-2019-13708
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13708
Comment
: Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE:
290 (Authentication Bypass by Spoofing)
References:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html ()
https://crbug.com/931894 ()
openSUSE-SU-2020:0010 ()
CVE: CVE-2019-13709
CVE: CVE-2019-13709
Id:
CVE-2019-13709
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13709
Comment
: Insufficient policy enforcement in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
HIGH
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CWE:
290 (Authentication Bypass by Spoofing)
References:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html ()
https://crbug.com/1005218 ()
openSUSE-SU-2020:0010 ()
CVE: CVE-2019-13710
CVE: CVE-2019-13710
Id:
CVE-2019-13710
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13710
Comment
: Insufficient validation of untrusted input in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html ()
https://crbug.com/756825 ()
openSUSE-SU-2020:0010 ()
CVE: CVE-2019-13711
CVE: CVE-2019-13711
Id:
CVE-2019-13711
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13711
Comment
: Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSSv3 Score:
5.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
LOW
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html ()
https://crbug.com/986063 ()
openSUSE-SU-2020:0010 ()
CVE: CVE-2019-13713
CVE: CVE-2019-13713
Id:
CVE-2019-13713
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13713
Comment
: Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
References:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html ()
https://crbug.com/993288 ()
openSUSE-SU-2020:0010 ()
CVE: CVE-2019-13714
CVE: CVE-2019-13714
Id:
CVE-2019-13714
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13714
Comment
: Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
6.1
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
CHANGED
Confidentiality impact:
LOW
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE:
94 (Improper Control of Generation of Code ('Code Injection'))
References:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html ()
https://crbug.com/982812 ()
openSUSE-SU-2020:0010 ()
CVE: CVE-2019-13715
CVE: CVE-2019-13715
Id:
CVE-2019-13715
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13715
Comment
: Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE:
290 (Authentication Bypass by Spoofing)
References:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html ()
https://crbug.com/760855 ()
openSUSE-SU-2020:0010 ()
CVE: CVE-2019-13716
CVE: CVE-2019-13716
Id:
CVE-2019-13716
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13716
Comment
: Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE:
863 (Incorrect Authorization)
References:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html ()
https://crbug.com/1005948 ()
openSUSE-SU-2020:0010 ()
CVE: CVE-2019-13717
CVE: CVE-2019-13717
Id:
CVE-2019-13717
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13717
Comment
: Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE:
922 ()
References:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html ()
https://crbug.com/839239 ()
openSUSE-SU-2020:0010 ()
CVE: CVE-2019-13718
CVE: CVE-2019-13718
Id:
CVE-2019-13718
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13718
Comment
: Insufficient data validation in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html ()
https://crbug.com/866162 ()
openSUSE-SU-2020:0010 ()
CVE: CVE-2019-13719
CVE: CVE-2019-13719
Id:
CVE-2019-13719
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13719
Comment
: Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE:
922 ()
References:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html ()
https://crbug.com/927150 ()
openSUSE-SU-2020:0010 ()
CVE: CVE-2019-13720
CVE: CVE-2019-13720
Id:
CVE-2019-13720
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13720
Comment
: Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://crbug.com/1019226 (MISC)
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html (MISC)
openSUSE-SU-2019:2664 (SUSE)
GLSA-202004-04 (GENTOO)
http://packetstormsecurity.com/files/167066/Google-Chrome-78.0.3904.70-Remote-Code-Execution.html (MISC)
CVE: CVE-2019-13721
CVE: CVE-2019-13721
Id:
CVE-2019-13721
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13721
Comment
: Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html ()
https://crbug.com/1013868 ()
openSUSE-SU-2019:2664 ()
CVE: CVE-2019-15903
CVE: CVE-2019-15903
Id:
CVE-2019-15903
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903
Comment
: In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
CVSSv2 Score:
5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/libexpat/libexpat/pull/318 (MISC)
https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43 (MISC)
https://github.com/libexpat/libexpat/issues/317 (MISC)
USN-4132-1 (UBUNTU)
https://github.com/libexpat/libexpat/issues/342 (CONFIRM)
20190917 [slackware-security] expat (SSA:2019-259-01) (BUGTRAQ)
http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html (MISC)
USN-4132-2 (UBUNTU)
DSA-4530 (DEBIAN)
20190923 [SECURITY] [DSA 4530-1] expat security update (BUGTRAQ)
https://security.netapp.com/advisory/ntap-20190926-0004/ (CONFIRM)
openSUSE-SU-2019:2205 (SUSE)
openSUSE-SU-2019:2204 (SUSE)
20191021 [slackware-security] python (SSA:2019-293-01) (BUGTRAQ)
http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html (MISC)
http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html (MISC)
USN-4165-1 (UBUNTU)
DSA-4549 (DEBIAN)
RHSA-2019:3237 (REDHAT)
RHSA-2019:3210 (REDHAT)
20191101 [SECURITY] [DSA 4549-1] firefox-esr security update (BUGTRAQ)
openSUSE-SU-2019:2420 (SUSE)
openSUSE-SU-2019:2424 (SUSE)
openSUSE-SU-2019:2425 (SUSE)
RHSA-2019:3756 (REDHAT)
openSUSE-SU-2019:2447 (SUSE)
openSUSE-SU-2019:2459 (SUSE)
openSUSE-SU-2019:2464 (SUSE)
openSUSE-SU-2019:2451 (SUSE)
openSUSE-SU-2019:2452 (SUSE)
[debian-lts-announce] 20191110 [SECURITY] [DLA 1987-1] firefox-esr security update (MLIST)
20191118 [SECURITY] [DSA 4571-1] thunderbird security update (BUGTRAQ)
DSA-4571 (DEBIAN)
[debian-lts-announce] 20191118 [SECURITY] [DLA 1997-1] thunderbird security update (MLIST)
GLSA-201911-08 (GENTOO)
USN-4202-1 (UBUNTU)
https://support.apple.com/kb/HT210788 (CONFIRM)
https://support.apple.com/kb/HT210785 (CONFIRM)
https://support.apple.com/kb/HT210790 (CONFIRM)
https://support.apple.com/kb/HT210789 (CONFIRM)
20191211 APPLE-SA-2019-12-10-5 tvOS 13.3 (BUGTRAQ)
20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra (BUGTRAQ)
20191211 APPLE-SA-2019-12-10-8 watchOS 6.1.1 (BUGTRAQ)
https://support.apple.com/kb/HT210793 (CONFIRM)
https://support.apple.com/kb/HT210795 (CONFIRM)
https://support.apple.com/kb/HT210794 (CONFIRM)
20191213 APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3 (FULLDISC)
20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra (FULLDISC)
20191213 APPLE-SA-2019-12-10-5 tvOS 13.3 (FULLDISC)
20191213 APPLE-SA-2019-12-10-8 watchOS 6.1.1 (FULLDISC)
openSUSE-SU-2020:0010 (SUSE)
openSUSE-SU-2020:0086 (SUSE)
N/A (N/A)
USN-4335-1 (UBUNTU)
https://www.oracle.com/security-alerts/cpuoct2020.html (MISC)
https://www.tenable.com/security/tns-2021-11 (CONFIRM)
FEDORA-2019-613edfe68b ()
FEDORA-2019-9505c6b555 ()
FEDORA-2019-672ae0f060 ()
CVE: CVE-2019-5850
CVE: CVE-2019-5850
Id:
CVE-2019-5850
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5850
Comment
: Use after free in offline mode in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
9.6
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://crbug.com/977462 ()
https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html ()
CVE: CVE-2019-5851
CVE: CVE-2019-5851
Id:
CVE-2019-5851
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5851
Comment
: Use after free in WebAudio in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html ()
https://crbug.com/977107 ()
CVE: CVE-2019-5852
CVE: CVE-2019-5852
Id:
CVE-2019-5852
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5852
Comment
: Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
20 (Improper Input Validation)
References:
https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html ()
https://crbug.com/976713 ()
CVE: CVE-2019-5853
CVE: CVE-2019-5853
Id:
CVE-2019-5853
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5853
Comment
: Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
682 (Incorrect Calculation)
References:
https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html ()
https://crbug.com/976627 ()
CVE: CVE-2019-5854
CVE: CVE-2019-5854
Id:
CVE-2019-5854
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5854
Comment
: Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html ()
https://crbug.com/966263 ()
CVE: CVE-2019-5855
CVE: CVE-2019-5855
Id:
CVE-2019-5855
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5855
Comment
: Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html ()
https://crbug.com/964872 ()
CVE: CVE-2019-5856
CVE: CVE-2019-5856
Id:
CVE-2019-5856
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5856
Comment
: Insufficient policy enforcement in storage in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
20 (Improper Input Validation)
References:
https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html ()
https://crbug.com/964245 ()
CVE: CVE-2019-5857
CVE: CVE-2019-5857
Id:
CVE-2019-5857
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5857
Comment
: Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html ()
https://crbug.com/961237 ()
CVE: CVE-2019-5858
CVE: CVE-2019-5858
Id:
CVE-2019-5858
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5858
Comment
: Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to 76.0.3809.87 allowed a local attacker to execute arbitrary code via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
20 (Improper Input Validation)
References:
https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html ()
https://crbug.com/960209 ()
CVE: CVE-2019-5859
CVE: CVE-2019-5859
Id:
CVE-2019-5859
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5859
Comment
: Insufficient filtering in URI schemes in Google Chrome on Windows prior to 76.0.3809.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html ()
https://crbug.com/959438 ()
CVE: CVE-2019-5860
CVE: CVE-2019-5860
Id:
CVE-2019-5860
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5860
Comment
: Use after free in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html ()
https://crbug.com/956947 ()
CVE: CVE-2019-5861
CVE: CVE-2019-5861
Id:
CVE-2019-5861
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5861
Comment
: Insufficient data validation in Blink in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to bypass anti-clickjacking policy via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE:
1021 ()
References:
https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html ()
https://crbug.com/951525 ()
CVE: CVE-2019-5862
CVE: CVE-2019-5862
Id:
CVE-2019-5862
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5862
Comment
: Insufficient data validation in AppCache in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
HIGH
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CWE:
20 (Improper Input Validation)
References:
https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html ()
https://crbug.com/946260 ()
CVE: CVE-2019-5863
CVE: CVE-2019-5863
Id:
CVE-2019-5863
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5863
Comment
: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
References:
CVE: CVE-2019-5864
CVE: CVE-2019-5864
Id:
CVE-2019-5864
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5864
Comment
: Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE:
20 (Improper Input Validation)
References:
https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html ()
https://crbug.com/936900 ()
CVE: CVE-2019-5865
CVE: CVE-2019-5865
Id:
CVE-2019-5865
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5865
Comment
: Insufficient policy enforcement in navigations in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
HIGH
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CWE:
862 (Missing Authorization)
References:
https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html ()
https://crbug.com/973103 ()
CVE: CVE-2019-5867
CVE: CVE-2019-5867
Id:
CVE-2019-5867
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5867
Comment
: Out of bounds read in JavaScript in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://crbug.com/984344 ()
https://chromereleases.googleblog.com/2019/08/stable-channel-update-for-desktop.html ()
CVE: CVE-2019-5868
CVE: CVE-2019-5868
Id:
CVE-2019-5868
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5868
Comment
: Use after free in PDFium in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/08/stable-channel-update-for-desktop.html ()
https://crbug.com/983867 ()
CVE: CVE-2019-5869
CVE: CVE-2019-5869
Id:
CVE-2019-5869
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5869
Comment
: Use after free in Blink in Google Chrome prior to 76.0.3809.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://crbug.com/978793 ()
https://chromereleases.googleblog.com/2019/08/stable-channel-update-for-desktop_26.html ()
CVE: CVE-2019-5870
CVE: CVE-2019-5870
Id:
CVE-2019-5870
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5870
Comment
: Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
9.6
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/999311 ()
CVE: CVE-2019-5871
CVE: CVE-2019-5871
Id:
CVE-2019-5871
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5871
Comment
: Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/990570 ()
CVE: CVE-2019-5872
CVE: CVE-2019-5872
Id:
CVE-2019-5872
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5872
Comment
: Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/981492 ()
CVE: CVE-2019-5874
CVE: CVE-2019-5874
Id:
CVE-2019-5874
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5874
Comment
: Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/989797 ()
CVE: CVE-2019-5875
CVE: CVE-2019-5875
Id:
CVE-2019-5875
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5875
Comment
: Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSSv3 Score:
4.3
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
LOW
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/979443 ()
CVE: CVE-2019-5876
CVE: CVE-2019-5876
Id:
CVE-2019-5876
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5876
Comment
: Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/997190 ()
CVE: CVE-2019-5877
CVE: CVE-2019-5877
Id:
CVE-2019-5877
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5877
Comment
: Out of bounds memory access in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/999310 ()
CVE: CVE-2019-5878
CVE: CVE-2019-5878
Id:
CVE-2019-5878
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5878
Comment
: Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/1000217 ()
CVE: CVE-2019-5879
CVE: CVE-2019-5879
Id:
CVE-2019-5879
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5879
Comment
: Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
6.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE:
863 (Incorrect Authorization)
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/986043 ()
CVE: CVE-2019-5880
CVE: CVE-2019-5880
Id:
CVE-2019-5880
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5880
Comment
: Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
7.4
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
CHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CWE:
200 (Information Exposure)
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/831725 ()
CVE: CVE-2019-5881
CVE: CVE-2019-5881
Id:
CVE-2019-5881
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5881
Comment
: Out of bounds read in SwiftShader in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVSSv2 Score:
5.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:P
CVSSv3 Score:
8.1
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html ()
https://crbug.com/980816 ()
Content available only for registered users!
ovaldb@altx-soft.com