CVE-2019-5812 — Improper Input Validation in Google Chrome

CWE-20 — Improper Input Validation6 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.5%

top 35.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Fedoraproject Fedora Debian Chromium

Timeline

PublishedJun 27

Latest updateMay 24

Description

Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5google/chromeunspecified — 74.0.3729.108

▶NVDgoogle/chrome< 74.0.3729.108

▶debiandebian/chromium

Also affects: Fedora 29

🔴Vulnerability Details

GHSA

GHSA-3gfq-rwmc-frjq: Inadequate security UI in iOS UI in Google Chrome prior to 74↗2022-05-24

▶

OSV

CVE-2019-5812: Inadequate security UI in iOS UI in Google Chrome prior to 74↗2019-06-27

▶

📋Vendor Advisories

Red Hat

chromium-browser: URL spoof in Omnibox on iOS↗2019-04-23

▶

Debian

CVE-2019-5812: chromium - Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed...↗2019

▶

💬Community

Bugzilla

CVE-2019-5812 chromium-browser: URL spoof in Omnibox on iOS↗2019-04-25

▶