CVE-2019-13750: SQL Injection
First published: Tue Dec 10 2019(Updated: )
An insufficient data validation flaw was found in the SQLite component of the Chromium browser. Upstream bug(s): <a href="https://code.google.com/p/chromium/issues/detail?id=1025464">https://code.google.com/p/chromium/issues/detail?id=1025464</a> External References: <a href="https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html">https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html</a>
Credit: chrome-cve-admin@google.com chrome-cve-admin@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome | <79.0.3945.79 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Fedoraproject Fedora | =30 | |
| Fedoraproject Fedora | =31 | |
| Redhat Enterprise Linux Desktop | =6.0 | |
| Redhat Enterprise Linux Desktop | =6.0 | |
| Redhat Enterprise Linux For Scientific Computing | =6.0 | |
| Redhat Enterprise Linux For Scientific Computing | =6.0 | |
| Redhat Enterprise Linux Server | =6.0 | |
| Redhat Enterprise Linux Server | =6.0 | |
| Redhat Enterprise Linux Workstation | =6.0 | |
| Redhat Enterprise Linux Workstation | =6.0 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =19.10 | |
| redhat/chromium-browser | <79.0.3945.79 | 79.0.3945.79 |
| debian/chromium | 120.0.6099.224-1~deb11u1 128.0.6613.84-1~deb12u1 129.0.6668.100-1~deb12u1 129.0.6668.89-1 129.0.6668.100-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html
- https://crbug.com/1025464
- https://access.redhat.com/errata/RHSA-2019:4238
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/
- http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/
- https://seclists.org/bugtraq/2020/Jan/27
- https://www.debian.org/security/2020/dsa-4606
- https://security.gentoo.org/glsa/202003-08
- https://usn.ubuntu.com/4298-1/
- https://usn.ubuntu.com/4298-2/
- https://launchpad.net/bugs/cve/CVE-2019-13750
- https://code.google.com/p/chromium/issues/detail?id=1025464
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1782013
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1782012
- https://access.redhat.com/security/cve/cve-2019-13750
- https://chromium.googlesource.com/chromium/src/third_party/sqlite/+/47bd97d715260127c995d92dde8dd8adb669b6b3
- https://chromium.googlesource.com/chromium/src/third_party/sqlite/+/47bd97d715260127c995d92dde8dd8adb669b6b3/patches/0001-Don-t-allow-shadow-tables-to-be-dropped-in-defensive.patch
- https://www.sqlite.org/src/info/70390bbca49e7066
- https://github.com/sqlite/sqlite/commit/c72f2fb7feff582444b8ffdc6c900c69847ce8a9
- https://www.sqlite.org/releaselog/3_26_0.html
- https://www.sqlite.org/c3ref/c_dbconfig_defensive.html#sqlitedbconfigdefensive
- https://github.com/sqlite/sqlite/commit/a296cda016dfcf81674b04c041637fa0a4f426ac
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1786515
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1786514
- https://access.redhat.com/errata/RHSA-2021:4396
- https://bugzilla.redhat.com/show_bug.cgi?id=1781997
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/
- https://security-tracker.debian.org/tracker/CVE-2019-13750
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13750
- https://nvd.nist.gov/vuln/detail/CVE-2019-13750
- https://ubuntu.com/security/CVE-2019-13750
Frequently Asked Questions
What is CVE-2019-13750?
CVE-2019-13750 is a vulnerability in SQLite in Google Chrome prior to version 79.0.3945.79 that allows a remote attacker to bypass defense-in-depth measures via a crafted HTML page.
How severe is CVE-2019-13750?
CVE-2019-13750 has a severity rating of 6.5, which is considered medium.
Which software versions are affected by CVE-2019-13750?
CVE-2019-13750 affects Google Chrome prior to version 79.0.3945.79, Redhat Chromium Browser 79.0.3945.79, Debian Linux 9.0 and 10.0, Fedora 30 and 31, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux For Scientific Computing, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation, Canonical Ubuntu Linux 14.04, 16.04, 18.04, and 19.10.
How can I fix CVE-2019-13750?
To fix CVE-2019-13750, you should update Google Chrome to version 79.0.3945.79 or later, or install the appropriate security updates for the affected software versions.
Where can I find more information about CVE-2019-13750?
You can find more information about CVE-2019-13750 on the Debian security tracker, Chromium issue tracker, and the Google Chrome release blog.
- agent/type
- agent/remedy
- collector/launchpad-cve
- source/Launchpad
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/author
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-13750
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- collector/nvd-cve
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- vendor/google
- canonical/google chrome
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/30
- version/fedoraproject fedora/31
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- canonical/redhat enterprise linux for scientific computing
- version/redhat enterprise linux for scientific computing/6.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/19.10
- package-manager/redhat
- package-manager/debian