CVE-2019-25154 — Google Chrome vulnerability

5 documents5 sources

Severity

9.6CRITICALNVD

EPSS

0.4%

top 41.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium

Timeline

PublishedJul 16

Latest updateJul 17

Description

Inappropriate implementation in iframe in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages3 packages

▶CVEListV5google/chrome77.0.3865.75 — 77.0.3865.75

▶NVDgoogle/chrome< 77.0.3865.75

▶Debianchromium/chromium< 78.0.3904.87-1+3

🔴Vulnerability Details

GHSA

GHSA-29qw-fxp9-wj84: Inappropriate implementation in iframe in Google Chrome prior to 77↗2024-07-17

▶

OSV

CVE-2019-25154: Inappropriate implementation in iframe in Google Chrome prior to 77↗2024-07-16

▶

CVEList

CVE-2019-25154: Inappropriate implementation in iframe in Google Chrome prior to 77↗2024-07-16

▶

📋Vendor Advisories

Debian

CVE-2019-25154: chromium - Inappropriate implementation in iframe in Google Chrome prior to 77.0.3865.75 al...↗2019

▶