CVE-2019-13674 — Google Chrome vulnerability

7 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 53.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Debian Chromium

Timeline

PublishedNov 25

Latest updateMay 24

Description

IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5google/chromeunspecified — 77.0.3865.75

▶NVDgoogle/chrome< 77.0.3865.75

▶debiandebian/chromium< chromium 78.0.3904.87-1 (bookworm)

▶Debianchromium/chromium< 78.0.3904.87-1+3

🔴Vulnerability Details

GHSA

GHSA-79rx-rpqc-99fp: IDN spoofing in Omnibox in Google Chrome prior to 77↗2022-05-24

▶

Project0

Déjà vu-lnerability - Project Zero↗2021-02-01

▶

OSV

CVE-2019-13674: IDN spoofing in Omnibox in Google Chrome prior to 77↗2019-11-25

▶

📋Vendor Advisories

Red Hat

chromium-browser: IDN spoofing↗2019-09-10

▶

Debian

CVE-2019-13674: chromium - IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote ...↗2019

▶

💬Community

Bugzilla

CVE-2019-13674 chromium-browser: IDN spoofing↗2019-10-16

▶