CVE-2019-5838

Description

Insufficient policy enforcement in extensions API in Google Chrome prior to 75.0.3770.80 allowed an attacker who convinced a user to install a malicious extension to bypass restrictions on file URIs via a crafted Chrome Extension.

Risk Information

Base Score

4.3

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS Score

Exploitation Probability

0.474

Associated Vulnerability

Vulnerability	OS Platform
Update Google Chrome (75.0.3770.80) fixes multiple vulnerabilities	Windows
Update Google Chrome (x64) (75.0.3770.80) fixes multiple vulnerabilities	Windows
Multiple vulnerabilities are fixed in Update for Google Chrome For Mac (75.0.3770.80)	Mac
chromium security update(DSA-4500-1) chromium_76.0.3809.100-1~deb10u1_amd64.deb	Linux
Update Google Chrome (75.0.3770.80) fixes multiple vulnerabilities (For Debian)	Linux
Update Google Chrome (75.0.3770.80) fixes multiple vulnerabilities (For Centos)	Linux
Update Google Chrome (75.0.3770.80) fixes multiple vulnerabilities (For RedHat)	Linux
Update Google Chrome (75.0.3770.80) fixes multiple vulnerabilities (For Suse)	Linux
Update Google Chrome (75.0.3770.80) fixes multiple vulnerabilities (For Ubuntu)	Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-309975	Google Chrome (75.0.3770.80)
PATCH-309976	Google Chrome (x64) (75.0.3770.80)
PATCH-609673	Google Chrome for Mac (132.0.6834.83, 132.0.6834.84)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234