CVE-2019-5767 — UI Misrepresentation / Clickjacking in Google Chrome

CWE-1021 — UI Misrepresentation / Clickjacking9 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.5%

top 35.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Debian Linux +4 more

Timeline

PublishedFeb 19

Latest updateMay 13

Description

Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶CVEListV5google/chromeunspecified — 72.0.3626.81

▶NVDgoogle/chrome< 72.0.3626.81

▶Debianchromium/chromium< 72.0.3626.81-1+3

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

Also affects: Debian Linux 9.0, Fedora 29, 30

🔴Vulnerability Details

GHSA

GHSA-jqrx-m66p-g7jf: Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72↗2022-05-13

▶

OSV

CVE-2019-5767: Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72↗2019-02-19

▶

CVEList

CVE-2019-5767: Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72↗2019-02-19

▶

📋Vendor Advisories

Red Hat

chromium-browser: Incorrect security UI in WebAPKs↗2019-01-29

▶

Debian

CVE-2019-5767: chromium - Insufficient protection of permission UI in WebAPKs in Google Chrome on Android ...↗2019

▶

💬Community

Bugzilla

CVE-2019-5767 chromium-browser: Incorrect security UI in WebAPKs↗2019-01-30

▶

Bugzilla

CVE-2019-5754 CVE-2019-5755 CVE-2019-5756 CVE-2019-5757 CVE-2019-5758 CVE-2019-5759 CVE-2019-5760 CVE-2019-5761 CVE-2019-5762 CVE-2019-5763 CVE-2019-5764 CVE-2019-5765 CVE-2019-5766 CVE-2019-5767 CVE-↗2019-01-30

▶

Bugzilla

▶