PT-2020-10004 · Avast+1 · Avast Secure Browser+1

Published

2020-01-13

Updated

2020-01-22

CVE-2019-18893

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Avast Secure Browser version 77.1.1831.91 AVG Secure Browser version 77.0.1790.77

Description The issue allows websites to execute their code in the context of the Video Downloader component, which has a wide set of privileges. This includes accessing cookies and browsing history, spying on the user while they are surfing the web, and altering their surfing experience in almost arbitrary ways.

Recommendations For Avast Secure Browser version 77.1.1831.91, update the Video Downloader component to version 1.5 or later. For AVG Secure Browser version 77.0.1790.77, update the Video Downloader component to version 1.5 or later.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-18893

Affected Products

Avg Secure Browser

Avast Secure Browser

PT-2020-10004 · Avast+1 · Avast Secure Browser+1

CVE-2019-18893

Weakness Enumeration

Related Identifiers

Affected Products

References · 3