CVE-2019-5840
published 2019-06-27

Priority: P2 · 76 · medium
CVSS 3.1: 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
ITW · VulnCheck KEV · Exploited in the wild
EPSS: 1.06% (60.3th percentile)

Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

Affected

14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 75.0.3770.80-1 | 75.0.3770.80-1 |
| chromium | chromium | >= 0 < 75.0.3770.80-1 | 75.0.3770.80-1 |
| chromium | chromium | >= 0 < 75.0.3770.80-1 | 75.0.3770.80-1 |
| chromium | chromium | >= 0 < 75.0.3770.80-1 | 75.0.3770.80-1 |
| debian | chromium | < chromium 75.0.3770.80-1 (bookworm) | chromium 75.0.3770.80-1 (bookworm) |
| debian | debian_linux | | |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| google | chrome | < 75.0.3770.80 | 75.0.3770.80 |
| google | chrome | >= unspecified < 75.0.3770.80 | 75.0.3770.80 |
| opensuse | backports | | |
| opensuse | leap | | |
| opensuse | leap | | |
| opensuse | leap | | |

Detection & IOCs (extracted from sources)

  • Vulnerability affects Google Chrome on iOS only, prior to version 75.0.3770.80. The bypass is triggered via a crafted HTML page exploiting incorrect security UI in the popup blocker.
  • Fixed in Chromium package version 75.0.3770.80-1 across Debian releases (bookworm, bullseye, forky, sid, trixie).
  • Red Hat addressed this issue in Red Hat Enterprise Linux 6 Supplementary via RHSA-2019:1477.

CVSS provenance

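| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | | 4.3 | MEDIUM | |
| vulncheck | | 4.3 | MEDIUM | |
| vendor_debian | | 4.3 | MEDIUM | |
| vendor_redhat | | 4.3 | MEDIUM | |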