CVE-2019-13677MEDIUM
Description
Insufficient policy enforcement in site isolation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.
References
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html
Details
Source: MITRE
Published: 2019-11-25
Updated: 2019-12-02
Type: CWE-732
Risk Information
CVSS v2.0
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.0
Base Score: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 2.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 131266 | GLSA-201911-06 : Chromium, Google Chrome: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 131043 | Fedora 29 : chromium (2019-8508d74523) | Nessus | Fedora Local Security Checks | medium |
| 131037 | Fedora 30 : chromium (2019-2fa7552273) | Nessus | Fedora Local Security Checks | medium |
| 130774 | Debian DSA-4562-1 : chromium - security update | Nessus | Debian Local Security Checks | medium |
| 130614 | Fedora 31 : chromium (2019-5975f6ca93) | Nessus | Fedora Local Security Checks | medium |
| 130372 | RHEL 6 : chromium-browser (RHSA-2019:3211) | Nessus | Red Hat Local Security Checks | medium |
| 130309 | Fedora 31 : chromium (2019-9a5e81214f) | Nessus | Fedora Local Security Checks | medium |
| 129279 | openSUSE Security Update : chromium (openSUSE-2019-2152) | Nessus | SuSE Local Security Checks | medium |
| 129094 | openSUSE Security Update : chromium (openSUSE-2019-2153) | Nessus | SuSE Local Security Checks | medium |
| 128741 | Google Chrome < 77.0.3865.75 Multiple Vulnerabilities | Nessus | Windows | medium |
| 128740 | Google Chrome < 77.0.3865.75 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | medium |