CVE-2019-5774

Published: Feb 19, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file.

Affected (7)

Products: Google: Chrome · Debian: Debian Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation · +1 more

Show all products

Google: Chrome · Debian: Debian Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation · Fedoraproject: Fedora

1 product

1 product

3 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Workstation

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Google Chrome	Before 72.0.3626.81

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Workstation	Version 6.0

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 29
Fedoraproject Fedora	Version 30

Related CWEs

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (14)

http://www.securityfocus.com/bid/106767

Source: chrome-cve-admin@google.com

https://access.redhat.com/errata/RHSA-2019:0309

Source: chrome-cve-admin@google.com

https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html

Source: chrome-cve-admin@google.com

https://crbug.com/904182

Source: chrome-cve-admin@google.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/

Source: chrome-cve-admin@google.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/

Source: chrome-cve-admin@google.com

https://www.debian.org/security/2019/dsa-4395

Source: chrome-cve-admin@google.com

http://www.securityfocus.com/bid/106767

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2019:0309

Source: af854a3a-2127-422b-91ae-364da2661108

https://chromereleases.googleblog.com/2019/01/stable-channel-update-for-desktop.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://crbug.com/904182

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JVFHYCJGMZQUKYSIE2BXE4NLEGFGUXU5/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQOP53LXXPRGD4N5OBKGQTSMFXT32LF6/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2019/dsa-4395

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.