CVE-2019-13702Improper Privilege Management in Google Chrome

CWE-269Improper Privilege Management10 documents8 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 60.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google ChromeOpensuse Backports SLE
Timeline
PublishedNov 25
Latest updateMay 24

Description

Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5google/chromeunspecified78.0.3904.70
NVDgoogle/chrome< 78.0.3904.70

🔴Vulnerability Details

3
GHSA
GHSA-456j-pp8g-p3qx: Inappropriate implementation in installer in Google Chrome on Windows prior to 782022-05-24
CVEList
CVE-2019-13702: Inappropriate implementation in installer in Google Chrome on Windows prior to 782019-11-25
OSV
CVE-2019-13702: Inappropriate implementation in installer in Google Chrome on Windows prior to 782019-11-25

📋Vendor Advisories

3
Red Hat
chromium-browser: Privilege elevation in Installer2019-10-22
Chrome
Stable Channel Update for Desktop: CVE-2019-137022019-10-22
Debian
CVE-2019-13702: chromium - Inappropriate implementation in installer in Google Chrome on Windows prior to 7...2019

💬Community

3
Bugzilla
CVE-2019-13699 CVE-2019-13700 CVE-2019-13701 CVE-2019-13702 CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-13706 CVE-2019-13707 CVE-2019-13708 CVE-2019-13709 CVE-2019-13710 CVE-2019-13711 CVE-22019-10-23
Bugzilla
CVE-2019-13699 CVE-2019-13700 CVE-2019-13701 CVE-2019-13702 CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-13706 CVE-2019-13707 CVE-2019-13708 CVE-2019-13709 CVE-2019-13710 CVE-2019-13711 CVE-22019-10-23
Bugzilla
CVE-2019-13702 chromium-browser: Privilege elevation in Installer2019-10-23
CVE-2019-13702 — Improper Privilege Management | cvebase