PT-2019-5108 · Google+3 · Google Chrome+3

Sergey Shekyan

·

Published

2019-06-04

·

Updated

2024-06-15

·

CVE-2019-5832

CVSS v2.0

7.1

High

VectorAV:N/AC:M/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 75.0.3770.80
Description The issue is related to insufficient policy enforcement in the XMLHttpRequest component of Google Chrome, allowing a remote attacker to leak cross-origin data. This can be achieved through a specially crafted HTML page, potentially leading to unauthorized access to confidential information.
Recommendations For versions prior to 75.0.3770.80, update to version 75.0.3770.80 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information when using Google Chrome until the update is applied.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

ALT-PU-2019-2410
ALT-PU-2019-2502
BDU:2020-01774
CVE-2019-5832
DSA-4500-1
MGASA-2019-0283
OPENSUSE-SU-2019:1557-1
OPENSUSE-SU-2019:1558-1
OPENSUSE-SU-2019:1666-1
OPENSUSE-SU-2019_1557-1
OPENSUSE-SU-2019_1558-1
OPENSUSE-SU-2019_1559-1
OPENSUSE-SU-2019_1666-1
OPENSUSE-SU-2024:10681-1
OPENSUSE-SU-2024:12948-1
RHSA-2019:1477
RHSA-2019_1477

Affected Products

Alt Linux
Google Chrome
Red Hat
Suse