CVE-2019-5880

HIGH

Google Chrome < 77.0.3865.75 - Cross-Origin Data Leak via Crafted HTML Page

Title source: llm

Description

Insufficient policy enforcement in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

References (2)

Core 2

Core References

Release Notes, Vendor Advisory x_refsource_misc

https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html

Issue Tracking x_refsource_misc

https://crbug.com/831725

Scores

CVSS v3 7.4

EPSS 0.0088

EPSS Percentile 54.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (1)

google/chrome < 77.0.3865.75

Published Nov 25, 2019

Tracked Since Feb 18, 2026