CVE-2019-13689

Published: Aug 25, 2023Modified: May 2, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical)

Affected (1)

Products: Google: Chrome

Google

1 product

Chrome

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Google Chrome	Before 75.0.3770.80

Running on/with	Platform Versions
Google Chrome Os	All versions

Related CWEs

CWE-59

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (4)

https://bugs.chromium.org/p/chromium/issues/detail?id=960109

Source: chrome-cve-admin@google.com

ExploitIssue TrackingPatchVendor Advisory

https://crbug.com/960109

Source: chrome-cve-admin@google.com

ExploitIssue TrackingPatchVendor Advisory

https://bugs.chromium.org/p/chromium/issues/detail?id=960109

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchVendor Advisory

https://crbug.com/960109

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchVendor Advisory

Timeline

No history available yet.