CVE-2019-5839Improper Input Validation in Google Chrome

CWE-20Improper Input Validation9 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
1.0%
top 22.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Google ChromeChromiumDebian Linux+3 more
Timeline
PublishedJun 27
Latest updateMay 24

Description

Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

CVEListV5google/chromeunspecified75.0.3770.80
NVDgoogle/chrome< 75.0.3770.80
Debianchromium/chromium< 75.0.3770.80-1+3
NVDopensuse/leap15.0, 15.1, 42.3+2
NVDopensuse/backportssle-15

Also affects: Debian Linux 10.0, Fedora 29, 30

🔴Vulnerability Details

3
GHSA
GHSA-gvgm-q66c-22r4: Excessive data validation in URL parser in Google Chrome prior to 752022-05-24
CVEList
CVE-2019-5839: Excessive data validation in URL parser in Google Chrome prior to 752019-06-27
OSV
CVE-2019-5839: Excessive data validation in URL parser in Google Chrome prior to 752019-06-27

📋Vendor Advisories

2
Red Hat
chromium-browser: Incorrect handling of certain code points in Blink2019-06-04
Debian
CVE-2019-5839: chromium - Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 a...2019

💬Community

3
Bugzilla
CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5835 CVE-2019-5836 CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840 chromium: various 2019-06-07
Bugzilla
CVE-2019-5828 CVE-2019-5829 CVE-2019-5830 CVE-2019-5831 CVE-2019-5832 CVE-2019-5833 CVE-2019-5834 CVE-2019-5835 CVE-2019-5836 CVE-2019-5837 CVE-2019-5838 CVE-2019-5839 CVE-2019-5840 chromium: various 2019-06-07
Bugzilla
CVE-2019-5839 chromium-browser: Incorrect handling of certain code points in Blink2019-06-07
CVE-2019-5839 — Improper Input Validation in Google | cvebase