Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2019-AVI-246
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Chrome toutes versions ant\u00e9rieures \u00e0 Chrome 75.0.3770.80",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-5830",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5830"
},
{
"name": "CVE-2019-5828",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5828"
},
{
"name": "CVE-2019-5836",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5836"
},
{
"name": "CVE-2019-5832",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5832"
},
{
"name": "CVE-2019-5829",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5829"
},
{
"name": "CVE-2019-5838",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5838"
},
{
"name": "CVE-2019-5831",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5831"
},
{
"name": "CVE-2019-5839",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5839"
},
{
"name": "CVE-2019-5837",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5837"
},
{
"name": "CVE-2019-5840",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5840"
},
{
"name": "CVE-2019-5833",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5833"
},
{
"name": "CVE-2019-5835",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5835"
},
{
"name": "CVE-2019-5834",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5834"
}
],
"initial_release_date": "2019-06-05T00:00:00",
"last_revision_date": "2019-06-05T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-246",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-06-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 04 juin 2019",
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html?utm_source=feedburner\u0026utm_medium=feed\u0026utm_campaign=Feed%3A+GoogleChromeReleases+%28Google+Chrome+Releases%29"
}
]
}
CVE-2019-5834 (GCVE-0-2019-5834)
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insufficient data validation
Summary
Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/962368"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "75.0.3770.80",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient data validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T17:06:12",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/962368"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2019-5834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "75.0.3770.80"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient data validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/962368",
"refsource": "MISC",
"url": "https://crbug.com/962368"
},
{
"name": "openSUSE-SU-2019:1666",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2019-5834",
"datePublished": "2019-06-27T16:13:44",
"dateReserved": "2019-01-09T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5838 (GCVE-0-2019-5838)
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insufficient policy enforcement
Summary
Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/893087"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "75.0.3770.80",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient policy enforcement",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T17:06:12",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/893087"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2019-5838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "75.0.3770.80"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient policy enforcement"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/893087",
"refsource": "MISC",
"url": "https://crbug.com/893087"
},
{
"name": "openSUSE-SU-2019:1666",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2019-5838",
"datePublished": "2019-06-27T16:13:44",
"dateReserved": "2019-01-09T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5840 (GCVE-0-2019-5840)
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Incorrect security UI
Summary
Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/951782"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "75.0.3770.80",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect security UI",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T17:06:12",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/951782"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2019-5840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "75.0.3770.80"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect security UI"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/951782",
"refsource": "MISC",
"url": "https://crbug.com/951782"
},
{
"name": "openSUSE-SU-2019:1666",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2019-5840",
"datePublished": "2019-06-27T16:13:44",
"dateReserved": "2019-01-09T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5835 (GCVE-0-2019-5835)
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Object lifecycle issue
Summary
Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/939239"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "75.0.3770.80",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Object lifecycle issue",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T17:06:11",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/939239"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2019-5835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "75.0.3770.80"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Object lifecycle issue in SwiftShader in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Object lifecycle issue"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/939239",
"refsource": "MISC",
"url": "https://crbug.com/939239"
},
{
"name": "openSUSE-SU-2019:1666",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "GLSA-201908-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2019-5835",
"datePublished": "2019-06-27T16:13:44",
"dateReserved": "2019-01-09T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5839 (GCVE-0-2019-5839)
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insufficient data validation
Summary
Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/925614"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-18"
},
{
"name": "FEDORA-2019-e5ff5d0ffd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "75.0.3770.80",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient data validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-14T18:06:12",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/925614"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-18"
},
{
"name": "FEDORA-2019-e5ff5d0ffd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2019-5839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "75.0.3770.80"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient data validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/925614",
"refsource": "MISC",
"url": "https://crbug.com/925614"
},
{
"name": "openSUSE-SU-2019:1666",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-18"
},
{
"name": "FEDORA-2019-e5ff5d0ffd",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2019-5839",
"datePublished": "2019-06-27T16:13:44",
"dateReserved": "2019-01-09T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5832 (GCVE-0-2019-5832)
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insufficient policy enforcement
Summary
Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/959390"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-18"
},
{
"name": "FEDORA-2019-e5ff5d0ffd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "75.0.3770.80",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient policy enforcement",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-14T18:06:16",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/959390"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-18"
},
{
"name": "FEDORA-2019-e5ff5d0ffd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2019-5832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "75.0.3770.80"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient policy enforcement"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/959390",
"refsource": "MISC",
"url": "https://crbug.com/959390"
},
{
"name": "openSUSE-SU-2019:1666",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-18"
},
{
"name": "FEDORA-2019-e5ff5d0ffd",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2019-5832",
"datePublished": "2019-06-27T16:13:44",
"dateReserved": "2019-01-09T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5837 (GCVE-0-2019-5837)
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Side-channel information leakage
Summary
Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/918293"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-18"
},
{
"name": "FEDORA-2019-e5ff5d0ffd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "75.0.3770.80",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Side-channel information leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-14T18:06:13",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/918293"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-18"
},
{
"name": "FEDORA-2019-e5ff5d0ffd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2019-5837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "75.0.3770.80"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Side-channel information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/918293",
"refsource": "MISC",
"url": "https://crbug.com/918293"
},
{
"name": "openSUSE-SU-2019:1666",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-18"
},
{
"name": "FEDORA-2019-e5ff5d0ffd",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2019-5837",
"datePublished": "2019-06-27T16:13:44",
"dateReserved": "2019-01-09T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5828 (GCVE-0-2019-5828)
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Use after free
Summary
Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/956597"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "75.0.3770.80",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use after free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T17:06:11",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/956597"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2019-5828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "75.0.3770.80"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crbug.com/956597",
"refsource": "MISC",
"url": "https://crbug.com/956597"
},
{
"name": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"name": "openSUSE-SU-2019:1666",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2019-5828",
"datePublished": "2019-06-27T16:13:44",
"dateReserved": "2019-01-09T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5831 (GCVE-0-2019-5831)
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Inappropriate implementation
Summary
Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/950328"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0791"
},
{
"name": "FEDORA-2019-a1af621faf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-18"
},
{
"name": "FEDORA-2019-e5ff5d0ffd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "75.0.3770.80",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-14T18:06:15",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/950328"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0791"
},
{
"name": "FEDORA-2019-a1af621faf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-18"
},
{
"name": "FEDORA-2019-e5ff5d0ffd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2019-5831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "75.0.3770.80"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/950328",
"refsource": "MISC",
"url": "https://crbug.com/950328"
},
{
"name": "openSUSE-SU-2019:1666",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0791",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0791"
},
{
"name": "FEDORA-2019-a1af621faf",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-18"
},
{
"name": "FEDORA-2019-e5ff5d0ffd",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2019-5831",
"datePublished": "2019-06-27T16:13:44",
"dateReserved": "2019-01-09T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5833 (GCVE-0-2019-5833)
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Incorrect security UI
Summary
Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/945067"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "75.0.3770.80",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect security UI",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T17:06:12",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/945067"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2019-5833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "75.0.3770.80"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect security UI"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/945067",
"refsource": "MISC",
"url": "https://crbug.com/945067"
},
{
"name": "openSUSE-SU-2019:1666",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2019-5833",
"datePublished": "2019-06-27T16:13:44",
"dateReserved": "2019-01-09T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5830 (GCVE-0-2019-5830)
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Inappropriate implementation
Summary
Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/665766"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "75.0.3770.80",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T17:06:12",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/665766"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2019-5830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "75.0.3770.80"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/665766",
"refsource": "MISC",
"url": "https://crbug.com/665766"
},
{
"name": "openSUSE-SU-2019:1666",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2019-5830",
"datePublished": "2019-06-27T16:13:44",
"dateReserved": "2019-01-09T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5836 (GCVE-0-2019-5836)
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Heap buffer overflow
Summary
Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/947342"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "75.0.3770.80",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T17:06:13",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/947342"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2019-5836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "75.0.3770.80"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/947342",
"refsource": "MISC",
"url": "https://crbug.com/947342"
},
{
"name": "openSUSE-SU-2019:1666",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2019-5836",
"datePublished": "2019-06-27T16:13:44",
"dateReserved": "2019-01-09T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5829 (GCVE-0-2019-5829)
Vulnerability from cvelistv5
Published
2019-06-27 16:13
Modified
2024-08-04 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Integer overflow
Summary
Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:09:23.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/958533"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-18"
},
{
"name": "FEDORA-2019-e5ff5d0ffd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "75.0.3770.80",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Integer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-14T18:06:11",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/958533"
},
{
"name": "openSUSE-SU-2019:1666",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-18"
},
{
"name": "FEDORA-2019-e5ff5d0ffd",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2019-5829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "75.0.3770.80"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/958533",
"refsource": "MISC",
"url": "https://crbug.com/958533"
},
{
"name": "openSUSE-SU-2019:1666",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
},
{
"name": "FEDORA-2019-8fb8240d14",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/"
},
{
"name": "FEDORA-2019-a1af621faf",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/"
},
{
"name": "DSA-4500",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4500"
},
{
"name": "20190813 [SECURITY] [DSA 4500-1] chromium security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/19"
},
{
"name": "GLSA-201908-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-18"
},
{
"name": "FEDORA-2019-e5ff5d0ffd",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2019-5829",
"datePublished": "2019-06-27T16:13:44",
"dateReserved": "2019-01-09T00:00:00",
"dateUpdated": "2024-08-04T20:09:23.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…