CVE-2019-13668

NVD

https://nvd.nist.gov/vuln/detail/CVE-2019-13668

CWE

https://cwe.mitre.org/data/definitions/281.html

Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Weakness

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

Affected Software

Name	Vendor	Start Version	End Version
Chrome	Google	*	77.0.3865.75 (excluding)
Red Hat Enterprise Linux 6 Supplementary	RedHat	chromium-browser-0:77.0.3865.120-2.el6_10	*
Chromium-browser	Ubuntu	bionic	*
Chromium-browser	Ubuntu	devel	*
Chromium-browser	Ubuntu	disco	*
Chromium-browser	Ubuntu	eoan	*
Chromium-browser	Ubuntu	trusty	*
Chromium-browser	Ubuntu	upstream	*
Chromium-browser	Ubuntu	xenial	*

References

https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html
https://crbug.com/986393
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html
https://crbug.com/986393

Improper Preservation of Permissions

Weakness

Affected Software

References