CVE-2019-5778

Description

A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension.

Risk Information

Base Score

6.5

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS Score

Exploitation Probability

0.465

Associated Vulnerability

Vulnerability	OS Platform
Multiple vulnerabilities fixed in Google Chrome (x64) (72.0.3626.81)	Windows
Multiple vulnerabilities fixed in Google Chrome (72.0.3626.81)	Windows
Multiple vulnerabilities are fixed in Update for Google Chrome For Mac (72.0.3626.81)	Mac
Multiple vulnerabilities fixed in Google Chrome (72.0.3626.81) (For Debian)	Linux
Multiple vulnerabilities fixed in Google Chrome (72.0.3626.81) (For Centos)	Linux
Multiple vulnerabilities fixed in Google Chrome (72.0.3626.81) (For RedHat)	Linux
Multiple vulnerabilities fixed in Google Chrome (72.0.3626.81) (For Suse)	Linux
Multiple vulnerabilities fixed in Google Chrome (72.0.3626.81) (For Ubuntu)	Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-313039	Google Chrome (x64) (80.0.3987.122)
PATCH-313039	Google Chrome (x64) (80.0.3987.122)
PATCH-609673	Google Chrome for Mac (132.0.6834.83, 132.0.6834.84)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234