CVE-2019-5773

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the…

Chrome·CWE-346·Published 2019-02-19

CVSS

—

EPSS

0.02

KEV

Exploits

Vendor statements (4)

cve.orgen

203 chars

Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page.

NVDes

252 chars

La validación de origen insuficiente en IndexedDB en Google Chrome, en versiones anteriores a la 72.0.3626.81, permitía a un atacante, que comprometió el proceso de renderización, omitir la política del mismo origen mediante una página HTML manipulada.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
3.0	Primary	NVD	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N