CVE-2019-13684 — Observable Discrepancy in Google Chrome

CWE-203 — Observable Discrepancy CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 63.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Debian Chromium

Timeline

PublishedNov 25

Latest updateMay 24

Description

Inappropriate implementation in JavaScript in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5google/chromeunspecified — 72.0.3626.81

▶NVDgoogle/chrome< 72.0.3626.81

▶debiandebian/chromium< chromium 72.0.3626.81-1 (bookworm)

▶Debianchromium/chromium< 72.0.3626.81-1+3

🔴Vulnerability Details

GHSA

GHSA-fxrv-qpg2-74h3: Inappropriate implementation in JavaScript in Google Chrome prior to 72↗2022-05-24

▶

OSV

CVE-2019-13684: Inappropriate implementation in JavaScript in Google Chrome prior to 72↗2019-11-25

▶

📋Vendor Advisories

Debian

CVE-2019-13684: chromium - Inappropriate implementation in JavaScript in Google Chrome prior to 72.0.3626.8...↗2019

▶