CVE-2019-5774 — Missing Authorization in Google Chrome

CWE-862 — Missing Authorization7 documents7 sources

Severity

8.8HIGHNVD

EPSS

0.9%

top 24.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Debian Linux +4 more

Timeline

PublishedFeb 19

Latest updateMay 13

Description

Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶NVDredhat/enterprise_linux_desktop6.0

▶CVEListV5google/chromeunspecified — 72.0.3626.81

▶NVDgoogle/chrome< 72.0.3626.81

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_workstation6.0

Also affects: Debian Linux 9.0, Fedora 29, 30

🔴Vulnerability Details

GHSA

GHSA-fpc2-4gv7-m4x8: Omission of the↗2022-05-13

▶

CVEList

CVE-2019-5774: Omission of the↗2019-02-19

▶

OSV

CVE-2019-5774: Omission of the↗2019-02-19

▶

📋Vendor Advisories

Red Hat

chromium-browser: Insufficient validation of untrusted input in SafeBrowsing↗2019-01-29

▶

Debian

CVE-2019-5774: chromium - Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsi...↗2019

▶

💬Community

Bugzilla

CVE-2019-5774 chromium-browser: Insufficient validation of untrusted input in SafeBrowsing↗2019-01-30

▶