CVE-2019-5832
First published: Thu Jun 27 2019(Updated: )
Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Credit: cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome | <75.0.3770.80 | |
| Opensuse Backports | =sle-15 | |
| openSUSE Leap | =15.0 | |
| openSUSE Leap | =15.1 | |
| openSUSE Leap | =42.3 | |
| Debian Debian Linux | =10.0 | |
| Fedoraproject Fedora | =29 | |
| Fedoraproject Fedora | =30 | |
| debian/chromium | 90.0.4430.212-1~deb10u1 116.0.5845.180-1~deb11u1 120.0.6099.129-1~deb11u1 119.0.6045.199-1~deb12u1 120.0.6099.129-1~deb12u1 120.0.6099.129-1 |
Remedy
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security-tracker.debian.org/tracker/CVE-2019-5832
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
- https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
- https://crbug.com/959390
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
- https://seclists.org/bugtraq/2019/Aug/19
- https://security.gentoo.org/glsa/201908-18
- https://www.debian.org/security/2019/dsa-4500
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EI3DGFVT7CKJO6YVMP55R35HCDVEIC4Z/
Frequently Asked Questions
What is CVE-2019-5832?
CVE-2019-5832 is a vulnerability in Google Chrome prior to 75.0.3770.80 that allows a remote attacker to leak cross-origin data via a crafted HTML page.
How can this vulnerability be exploited?
This vulnerability can be exploited by an attacker by creating a specially crafted HTML page.
What is the severity of CVE-2019-5832?
The severity of CVE-2019-5832 is medium with a CVSS score of 6.5.
Which software versions are affected by CVE-2019-5832?
Google Chrome prior to version 75.0.3770.80, Opensuse Backports, openSUSE Leap 15.0, openSUSE Leap 15.1, openSUSE Leap 42.3, Debian Debian Linux 10.0, Fedoraproject Fedora 29, Fedoraproject Fedora 30, and Chromium versions 90.0.4430.212-1~deb10u1, 116.0.5845.180-1~deb11u1, 119.0.6045.199-1~deb11u1, 116.0.5845.180-1~deb12u1, 119.0.6045.199-1~deb12u1, 119.0.6045.159-1, and 119.0.6045.199-1 are affected by this vulnerability.
How do I fix CVE-2019-5832?
To fix CVE-2019-5832, update Google Chrome to version 75.0.3770.80 or later, or update Chromium to versions 90.0.4430.212-1~deb10u1, 116.0.5845.180-1~deb11u1, 119.0.6045.199-1~deb11u1, 116.0.5845.180-1~deb12u1, 119.0.6045.199-1~deb12u1, 119.0.6045.159-1, or 119.0.6045.199-1 depending on your operating system.
- collector/security-tracker-debian
- agent/type
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/author
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- package-manager/debian
- vendor/google
- canonical/google chrome
- vendor/opensuse
- canonical/opensuse backports
- version/opensuse backports/sle-15
- canonical/opensuse leap
- version/opensuse leap/15.0
- version/opensuse leap/15.1
- version/opensuse leap/42.3
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/29
- version/fedoraproject fedora/30