CVE-2019-5819 — Improper Input Validation in Google Chrome

CWE-20 — Improper Input Validation CWE-78 — OS Command Injection9 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 89.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Debian Linux +3 more

Timeline

PublishedJun 27

Latest updateMay 24

Description

Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5google/chromeunspecified — 74.0.3729.108

▶NVDgoogle/chrome< 74.0.3729.108

▶Debianchromium/chromium< 74.0.3729.108-1+3

▶NVDopensuse/leap15.0, 15.1, 42.3+2

▶NVDopensuse/backportssle-15

Also affects: Debian Linux 10.0, Fedora 29, 30

🔴Vulnerability Details

GHSA

GHSA-mpw8-x93p-424r: Insufficient data validation in developer tools in Google Chrome on OS X prior to 74↗2022-05-24

▶

OSV

CVE-2019-5819: Insufficient data validation in developer tools in Google Chrome on OS X prior to 74↗2019-06-27

▶

CVEList

CVE-2019-5819: Insufficient data validation in developer tools in Google Chrome on OS X prior to 74↗2019-06-27

▶

📋Vendor Advisories

Red Hat

chromium-browser: Incorrect escaping in developer tools↗2019-04-23

▶

Debian

CVE-2019-5819: chromium - Insufficient data validation in developer tools in Google Chrome on OS X prior t...↗2019

▶

💬Community

Bugzilla

CVE-2019-5805 CVE-2019-5806 CVE-2019-5807 CVE-2019-5808 CVE-2019-5809 CVE-2019-5810 CVE-2019-5811 CVE-2019-5813 CVE-2019-5814 CVE-2019-5815 CVE-2019-5818 CVE-2019-5819 CVE-2019-5820 CVE-2019-5821 CVE-↗2019-04-25

▶

Bugzilla

CVE-2019-5819 chromium-browser: Incorrect escaping in developer tools↗2019-04-25

▶

Bugzilla

▶