CVE-2019-13748
First published: Tue Dec 10 2019(Updated: )
An insufficient policy enforcement flaw was found in the developer tools component of the Chromium browser. Upstream bug(s): <a href="https://code.google.com/p/chromium/issues/detail?id=993706">https://code.google.com/p/chromium/issues/detail?id=993706</a> External References: <a href="https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html">https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html</a>
Credit: chrome-cve-admin@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome | <79.0.3945.79 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Fedoraproject Fedora | =30 | |
| Fedoraproject Fedora | =31 | |
| Redhat Enterprise Linux Desktop | =6.0 | |
| Redhat Enterprise Linux Desktop | =6.0 | |
| Redhat Enterprise Linux For Scientific Computing | =6.0 | |
| Redhat Enterprise Linux For Scientific Computing | =6.0 | |
| Redhat Enterprise Linux Server | =6.0 | |
| Redhat Enterprise Linux Server | =6.0 | |
| Redhat Enterprise Linux Workstation | =6.0 | |
| Redhat Enterprise Linux Workstation | =6.0 | |
| redhat/chromium-browser | <79.0.3945.79 | 79.0.3945.79 |
| debian/chromium | 90.0.4430.212-1~deb10u1 116.0.5845.180-1~deb11u1 120.0.6099.129-1~deb11u1 119.0.6045.199-1~deb12u1 120.0.6099.129-1~deb12u1 120.0.6099.129-1 |
Remedy
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security-tracker.debian.org/tracker/CVE-2019-13748
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html
- https://access.redhat.com/errata/RHSA-2019:4238
- https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html
- https://crbug.com/993706
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/
- https://seclists.org/bugtraq/2020/Jan/27
- https://security.gentoo.org/glsa/202003-08
- https://www.debian.org/security/2020/dsa-4606
- https://code.google.com/p/chromium/issues/detail?id=993706
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1782013
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1782012
- https://access.redhat.com/security/cve/cve-2019-13748
- https://bugzilla.redhat.com/show_bug.cgi?id=1781994
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/
Frequently Asked Questions
What is CVE-2019-13748?
CVE-2019-13748 refers to the vulnerability where insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Which software versions are affected by CVE-2019-13748?
The software versions affected by CVE-2019-13748 are Google Chrome prior to 79.0.3945.79, Debian Linux 9.0 and 10.0, Fedora 30 and 31, and Redhat Enterprise Linux Desktop, Server, and Workstation 6.0.
What is the severity of CVE-2019-13748?
CVE-2019-13748 has a severity value of 6.5, which is classified as medium severity.
How can I fix CVE-2019-13748?
To fix CVE-2019-13748, you should update Google Chrome to version 79.0.3945.79.
Are there any additional references for CVE-2019-13748?
Yes, you can find additional references for CVE-2019-13748 at the following links: [https://code.google.com/p/chromium/issues/detail?id=993706](https://code.google.com/p/chromium/issues/detail?id=993706), [https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html](https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html), [https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1782013](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1782013).
- collector/security-tracker-debian
- agent/type
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/author
- agent/severity
- agent/remedy
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-13748
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/trending
- package-manager/debian
- vendor/google
- canonical/google chrome
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/30
- version/fedoraproject fedora/31
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- canonical/redhat enterprise linux for scientific computing
- version/redhat enterprise linux for scientific computing/6.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0
- package-manager/redhat