CVE-2019-13707

Published: Nov 25, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application.

Affected (2)

Products: Google: Chrome · Opensuse: Backports

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Before 78.0.3904.70

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Backports	Version sle-15 sp1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html

Source: chrome-cve-admin@google.com

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html

Source: chrome-cve-admin@google.com

https://crbug.com/859349

Source: chrome-cve-admin@google.com

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://crbug.com/859349

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.