CVE-2019-13727

Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

Weakness

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

Affected Software

Name	Vendor	Start Version	End Version
Chrome	Google	*	79.0.3945.79 (excluding)
Red Hat Enterprise Linux 6 Supplementary	RedHat	chromium-browser-0:79.0.3945.79-1.el6_10	*
Chromium-browser	Ubuntu	bionic	*
Chromium-browser	Ubuntu	devel	*
Chromium-browser	Ubuntu	disco	*
Chromium-browser	Ubuntu	eoan	*
Chromium-browser	Ubuntu	trusty	*
Chromium-browser	Ubuntu	upstream	*
Chromium-browser	Ubuntu	xenial	*

References

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html
https://access.redhat.com/errata/RHSA-2019:4238
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html
https://crbug.com/944619
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/
https://seclists.org/bugtraq/2020/Jan/27
https://security.gentoo.org/glsa/202003-08
https://www.debian.org/security/2020/dsa-4606

NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-13727
CWE	https://cwe.mitre.org/data/definitions/281.html

Improper Preservation of Permissions

Weakness

Affected Software

References