CVE-2019-13754

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Affected Products (NVD)
VendorProductVersion
googlechrome
𝑥
< 79.0.3945.79
debiandebian_linux
9.0
debiandebian_linux
10.0
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_for_scientific_computing
6.0
redhatenterprise_linux_for_scientific_computing
6.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_workstation
6.0
redhatenterprise_linux_workstation
6.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
chromium
bookworm
128.0.6613.84-1~deb12u1
fixed
bookworm (security)
130.0.6723.91-1~deb12u1
fixed
bullseye
120.0.6099.224-1~deb11u1
fixed
bullseye (security)
120.0.6099.224-1~deb11u1
fixed
sid
130.0.6723.91-2
fixed
trixie
129.0.6668.89-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
bionic
Fixed 79.0.3945.79-0ubuntu0.18.04.1
released
disco
Fixed 79.0.3945.79-0ubuntu0.19.04.3
released
eoan
Fixed 79.0.3945.79-0ubuntu0.19.10.2
released
trusty
dne
xenial
Fixed 79.0.3945.79-0ubuntu0.16.04.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
qemu
suse enterprise server 15 SP1
3.1.1.1-150100.80.51.5
fixed
qemu-arm
suse enterprise server 15 SP1
3.1.1.1-150100.80.51.5
fixed
qemu-audio-alsa
suse enterprise server 15 SP1
3.1.1.1-150100.80.51.5
fixed
qemu-audio-oss
suse enterprise server 15 SP1
3.1.1.1-150100.80.51.5
fixed
qemu-audio-pa
suse enterprise server 15 SP1
3.1.1.1-150100.80.51.5
fixed
qemu-block-curl
suse enterprise server 15 SP1
3.1.1.1-150100.80.51.5
fixed
qemu-block-iscsi
suse enterprise server 15 SP1
3.1.1.1-150100.80.51.5
fixed
qemu-block-rbd
suse enterprise server 15 SP1
3.1.1.1-150100.80.51.5
fixed
qemu-block-ssh
suse enterprise server 15 SP1
3.1.1.1-150100.80.51.5
fixed
qemu-guest-agent
suse enterprise server 15 SP1
3.1.1.1-150100.80.51.5
fixed
qemu-kvm
suse enterprise server 15 SP1
3.1.1.1-150100.80.51.5
fixed
qemu-lang
suse enterprise server 15 SP1
3.1.1.1-150100.80.51.5
fixed
qemu-ppc
suse enterprise server 15 SP1
3.1.1.1-150100.80.51.5
fixed
qemu-s390
suse enterprise server 15 SP1
3.1.1.1-150100.80.51.5
fixed
qemu-sgabios-8
suse enterprise server 15 SP1
150100.80.51.5
fixed
qemu-tools
suse enterprise server 15 SP1
3.1.1.1-150100.80.51.5
fixed
qemu-ui-curses
suse enterprise server 15 SP1
3.1.1.1-150100.80.51.5
fixed
qemu-ui-gtk
suse enterprise server 15 SP1
3.1.1.1-150100.80.51.5
fixed
qemu-x86
suse enterprise server 15 SP1
3.1.1.1-150100.80.51.5
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
chromium-browser
RHEL 6
0:79.0.3945.79-1.el6_10
fixed
References
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html
https://access.redhat.com/errata/RHSA-2019:4238
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html
https://crbug.com/442579
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/
https://seclists.org/bugtraq/2020/Jan/27
https://security.gentoo.org/glsa/202003-08
https://www.debian.org/security/2020/dsa-4606
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html
https://access.redhat.com/errata/RHSA-2019:4238
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html
https://crbug.com/442579
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/
https://seclists.org/bugtraq/2020/Jan/27
https://security.gentoo.org/glsa/202003-08
https://www.debian.org/security/2020/dsa-4606