CVE-2019-13684
Advisory lineage Upstream: 0 Downstream: 3
Modified
Published: 25 Nov 2019, 14:22
Last modified:04 Aug 2024, 23:57
Vulnerability Summary
Overall Risk (default)
low
21/100 CVSS Score
5.3 MEDIUM
v3.1 (nvd)
EPSS Score
0.16% LOW
0% probability -0.11%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
25 Nov 2019, 14:22
Published
Vulnerability first disclosed
04 Aug 2024, 23:57
Last Modified
Vulnerability information updated
Description
Inappropriate implementation in JavaScript in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.3CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
- v2.0•LOW•Score: 2.6AV:N/AC:H/Au:N/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 0.16%• Percentile: 36%
Techniques & Countermeasures
- CWE-203•Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
Affected Systems
- Unknown•Chrome
< 72.0.3626.81 | ≥ unspecified, < 72.0.3626.81