| Severity | High |
| Patch available | YES |
| Number of vulnerabilities | 39 |
| CVE ID | CVE-2019-13708 CVE-2019-13709 CVE-2019-13710 CVE-2019-13711 CVE-2019-13707 CVE-2019-13706 CVE-2019-13703 CVE-2019-13704 CVE-2019-13705 CVE-2019-15903 CVE-2019-13713 CVE-2019-13719 CVE-2019-13718 CVE-2019-13717 CVE-2019-13714 CVE-2019-13715 CVE-2019-13716 CVE-2019-13702 CVE-2019-13701 CVE-2019-13699 CVE-2019-13700 |
| CWE ID | CWE-290 CWE-693 CWE-200 CWE-125 CWE-451 CWE-264 CWE-94 CWE-399 CWE-119 CWE-416 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #10 is available. |
| Vulnerable software Subscribe |
Google Chrome Client/Desktop applications / Web browsers |
| Vendor | Google, Inc. |
Severity: Medium
CVSSv3: 5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2019-13708
CWE-ID:
CWE-290 - Authentication Bypass by Spoofing
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to an unspecified error that allows a remote attacker to spoof HTTP authentication window and gain unauthorized access to victim's credentials.
Install updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13709
CWE-ID:
CWE-693 - Protection Mechanism Failure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to unspecified error that allows a remote attacker to bypass file download security feature and silently download dangerous files to the victim's system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13710
CWE-ID:
CWE-693 - Protection Mechanism Failure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to unspecified error that allows a remote attacker to bypass file download security feature and silently download dangerous files to the victim's system.
Install updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13711
CWE-ID:
CWE-200 - Information Exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to unspecified error. A remote attacker can gain unauthorized access to sensitive information from another security context.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13707
CWE-ID:
CWE-200 - Information Exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the application allows disclosure of file storage. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Medium
CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2019-13706
CWE-ID:
CWE-125 - Out-of-bounds Read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing PDF content within the PDFium component. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system on crash the application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2019-13703
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can create a specially crafted webpage and spoof URL in the browser bar.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2019-13704
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to an error when processing CSP policies. A remote attacker can bypass CSP protection mechanism and perform cross-domain requests.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2019-13705
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to incorrect processing of permissions in the Extension component. A remote attacker can create a specially crafted webpage, trick the victim into visiting it and bypass certain security restrictions.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Medium
CVSSv3: 4.9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C] [PCI]
CVE-ID: CVE-2019-15903
CWE-ID:
CWE-125 - Out-of-bounds Read
Exploit availability: Yes [Search exploit]
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information or perform denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing XML documents within the expat library. A remote attacker can create a specially crafted XML file, pass it to the affected application, trigger out-of-bounds read error and read contents of memory on the system or crash the affected application.
MitigationInstall update from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
Severity: Low
CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13713
CWE-ID:
CWE-200 - Information Exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to cross-origin data leak. A remote attacker can gain unauthorized access to sensitive information.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13719
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of browser notifications. A remote attacker can create a specially crafted web page and spoof contents of notifications that are displayed to the user.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 3.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13718
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of IDN domain names. A remote attacker can register a specially crafted domain name and perform spoofing attack.
Install updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13717
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of browser notifications. A remote attacker can create a specially crafted web page and spoof contents of notifications that are displayed to the user.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 4.1 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2019-13714
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary JavaScript code.
The vulnerability exists due to improper input validation when processing CSS files. A remote attacker can send create a specially crafted webpage and perform CSS injection attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13715
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can create a specially crafted webpage and spoof the browser's address bar.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13716
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a resource management error. A remote attacker can use a specially crafted webpage to crash the affected browser.
Install updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2019-13702
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to unspecified error in the Installer component. A remote attacker can bypass certain security restrictions.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2019-13701
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can create a specially crafted webpage and spoof browser URL in navigation.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Medium
CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]
CVE-ID: N/A
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
https://crbug.com/997401
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Medium
CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]
CVE-ID: N/A
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
https://crbug.com/996786
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Medium
CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]
CVE-ID: N/A
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
https://crbug.com/995591
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Medium
CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]
CVE-ID: N/A
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
https://crbug.com/993266
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Medium
CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]
CVE-ID: N/A
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
https://crbug.com/1004341
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Medium
CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]
CVE-ID: N/A
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
https://crbug.com/1006544
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: High
CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: N/A
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an unspecified boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
https://crbug.com/993415
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: High
CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: N/A
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an unspecified boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
https://crbug.com/969420
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Medium
CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]
CVE-ID: N/A
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
https://crbug.com/1011551
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Medium
CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]
CVE-ID: N/A
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
https://crbug.com/989909
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Medium
CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]
CVE-ID: N/A
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
https://crbug.com/988219
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform denial of service attacl.
The vulnerability exists due to a boundary error when processing HTML data. A remote attacker can create a specially crafted webpage, trick the victim into visiting it and crash the browser.
Install updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
https://bugs.chromium.org/p/chromium/issues/detail?id=951262
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: High
CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2019-13699
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in media component. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: High
CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2019-13700
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the Blink component. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
https://crbug.com/955191
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Medium
CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]
CVE-ID: N/A
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Medium
CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]
CVE-ID: N/A
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
https://crbug.com/985499
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Medium
CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]
CVE-ID: N/A
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
https://crbug.com/961614
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Medium
CVSSv3: 5.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]
CVE-ID: N/A
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to unspecified error. A remote attacker can create a specially crafted webpage and bypass implemented security restrictions.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
https://crbug.com/775511
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: High
CVSSv3: 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: N/A
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an unspecified boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsGoogle Chrome: 78.0.3904.0, 78.0.3904.1, 78.0.3904.2, 78.0.3904.3, 78.0.3904.4, 78.0.3904.5, 78.0.3904.6, 78.0.3904.7, 78.0.3904.8, 78.0.3904.9, 78.0.3904.10, 78.0.3904.11, 78.0.3904.12, 78.0.3904.13, 78.0.3904.14, 78.0.3904.15, 78.0.3904.16, 78.0.3904.17, 78.0.3904.18, 78.0.3904.19, 78.0.3904.20, 78.0.3904.21, 78.0.3904.22, 78.0.3904.23, 78.0.3904.24, 78.0.3904.25, 78.0.3904.26, 78.0.3904.27, 78.0.3904.28, 78.0.3904.29, 78.0.3904.30, 78.0.3904.31, 78.0.3904.32, 78.0.3904.33, 78.0.3904.34, 78.0.3904.35, 78.0.3904.36, 78.0.3904.37, 78.0.3904.38, 78.0.3904.39, 78.0.3904.40, 78.0.3904.41, 78.0.3904.42, 78.0.3904.43, 78.0.3904.44, 78.0.3904.45, 78.0.3904.46, 78.0.3904.47, 78.0.3904.48, 78.0.3904.49, 78.0.3904.50, 78.0.3904.51, 78.0.3904.52, 78.0.3904.53, 78.0.3904.54, 78.0.3904.55, 78.0.3904.56, 78.0.3904.57, 78.0.3904.58, 78.0.3904.59, 78.0.3904.60, 78.0.3904.61, 78.0.3904.62, 78.0.3904.63, 78.0.3904.66, 78.0.3904.67, 78.0.3904.68, 78.0.3904.69
CPEhttps://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
https://crbug.com/1003313
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.