CVE-2019-13740

MEDIUM

Google Chrome <79.0.3945.79 - CSRF

Title source: llm

Description

Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

References (10)

[Broken Link] http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html

[Broken Link] http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2019:4238

[Vendor Advisory] https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html

[Permissions Required, Vendor Advisory] https://crbug.com/1005596

[Mailing List, Third Party Advisory] https://seclists.org/bugtraq/2020/Jan/27

[Third Party Advisory] https://security.gentoo.org/glsa/202003-08

[Third Party Advisory] https://www.debian.org/security/2020/dsa-4606

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/

Scores

CVSS v3 6.5

EPSS 0.0097

EPSS Percentile 76.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Classification

CWE

CWE-346

Status published

Affected Products (13)

google/chrome < 79.0.3945.79

debian/debian_linux

debian/debian_linux

fedoraproject/fedora

fedoraproject/fedora

redhat/enterprise_linux_desktop

redhat/enterprise_linux_desktop

redhat/enterprise_linux_for_scientific_computing

redhat/enterprise_linux_for_scientific_computing

redhat/enterprise_linux_server

redhat/enterprise_linux_server

redhat/enterprise_linux_workstation

redhat/enterprise_linux_workstation

Timeline

Published Dec 10, 2019

Tracked Since Feb 18, 2026