CVE-2019-5780 — Improper Input Validation in Google Chrome

CWE-20 — Improper Input Validation7 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 91.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Debian Linux +4 more

Timeline

PublishedFeb 19

Latest updateMay 13

Description

Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5google/chromeunspecified — 72.0.3626.81

▶NVDgoogle/chrome< 72.0.3626.81

▶Debianchromium/chromium< 72.0.3626.81-1+3

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

Also affects: Debian Linux 9.0, Fedora 29, 30

🔴Vulnerability Details

GHSA

GHSA-jqvp-6g4r-hp7v: Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72↗2022-05-13

▶

CVEList

CVE-2019-5780: Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72↗2019-02-19

▶

OSV

CVE-2019-5780: Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72↗2019-02-19

▶

📋Vendor Advisories

Red Hat

chromium-browser: Insufficient policy enforcement↗2019-01-29

▶

Debian

CVE-2019-5780: chromium - Insufficient restrictions on what can be done with Apple Events in Google Chrome...↗2019

▶

💬Community

Bugzilla

CVE-2019-5780 chromium-browser: Insufficient policy enforcement↗2019-01-30

▶