CVE-2019-13682

High

Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass…

Chrome·CWE-281·Published 2019-11-25

CVSS

8.8

EPSS

0.01

KEV

Exploits

cve.orgen

180 chars

Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

NVDen

180 chars

Insufficient policy enforcement in external protocol handling in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

Una aplicación de política insuficiente en external protocol handling en Google Chrome versiones anteriores a 77.0.3865.75, permitió a un atacante remoto omitir la política del mismo origen por medio de una página HTML diseñada.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H