cbcvebase.
CVE-2019-13710
published 2019-11-25

CVE-2019-13710: Insufficient validation of untrusted input in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a…

medium4.3CVSS 3.1
AVNACLPRNUIRSUCNILAN
Insufficient validation of untrusted input in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page.

Affected

9 ranges
VendorProductVersion rangeFixed in
chromiumchromium>= 0 < 78.0.3904.87-178.0.3904.87-1
chromiumchromium>= 0 < 78.0.3904.87-178.0.3904.87-1
chromiumchromium>= 0 < 78.0.3904.87-178.0.3904.87-1
chromiumchromium>= 0 < 78.0.3904.87-178.0.3904.87-1
debianchromium< chromium 78.0.3904.87-1 (bookworm)chromium 78.0.3904.87-1 (bookworm)
googlechrome< 78.0.3904.7078.0.3904.70
googlechrome>= unspecified < 78.0.3904.7078.0.3904.70
googlechrome_chrome
opensusebackports_sle

CVSS provenance

nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
osv4.3MEDIUM