cnvd - cnvd-2019-07982

CNVD-2019-07982

Vulnerability from cnvd - Published: 2019-03-12

Title

Google Chrome命令执行漏洞

Description

Google Chrome是美国谷歌（Google）公司开发的一款Web浏览器。 Google Chrome 73.0.3683.75之前版本存在命令行命令注入漏洞。攻击者可利用漏洞在浏览器上下文中执行任意代码，获取敏感信息。

Severity

中

Patch Name

Google Chrome命令执行漏洞的补丁

Patch Description

Google Chrome是美国谷歌（Google）公司开发的一款Web浏览器。 Google Chrome 73.0.3683.75之前版本存在命令行命令注入漏洞。攻击者可利用漏洞在浏览器上下文中执行任意代码，获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布漏洞修复程序，请及时关注更新：https://www.google.com/intl/zh-CN_ALL/chrome/

Reference

https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html

Impacted products

Name
Google, Inc. Chrome <73.0.3683.75

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-5804"
    }
  },
  "description": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002\n\nGoogle Chrome 73.0.3683.75\u4e4b\u524d\u7248\u672c\u5b58\u5728\u547d\u4ee4\u884c\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5728\u6d4f\u89c8\u5668\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Luyao Liu(???) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd, Mark Brand of Google Project Zero, Dimitri Fourny (Blue Frost Security), Choongwoo Han of Naver Corporation, pdknsk, Jun Kokatsu, Microsoft Browser Vulnerability Research",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1ahttps://www.google.com/intl/zh-CN_ALL/chrome/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-07982",
  "openTime": "2019-03-12",
  "patchDescription": "Google Chrome\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome 73.0.3683.75\u4e4b\u524d\u7248\u672c\u5b58\u5728\u547d\u4ee4\u884c\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5728\u6d4f\u89c8\u5668\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Chrome\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Google, Inc. Chrome \u003c73.0.3683.75"
  },
  "referenceLink": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
  "serverity": "\u4e2d",
  "submitTime": "2019-03-13",
  "title": "Google Chrome\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e"
}

CVE-2019-5804 (GCVE-0-2019-5804)

Vulnerability from cvelistv5 – Published: 2019-05-23 19:21 – Updated: 2024-08-04 20:09

Summary

Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name.

Severity ?

No CVSS data available.

CWE

Insufficient data validation

Assigner

Chrome

References

URL

Tags

	https://chromereleases.googleblog.com/2019/03/sta…	x_refsource_MISC
	https://crbug.com/933004	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Impacted products

	Vendor	Product	Version
	Google	Chrome	Affected: prior to 73.0.3683.75

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:09:23.107Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crbug.com/933004"
          },
          {
            "name": "openSUSE-SU-2019:1666",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "status": "affected",
              "version": "prior to 73.0.3683.75"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Insufficient data validation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-28T17:06:07",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crbug.com/933004"
        },
        {
          "name": "openSUSE-SU-2019:1666",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2019-5804",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Chrome",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "prior to 73.0.3683.75"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insufficient data validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html",
              "refsource": "MISC",
              "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"
            },
            {
              "name": "https://crbug.com/933004",
              "refsource": "MISC",
              "url": "https://crbug.com/933004"
            },
            {
              "name": "openSUSE-SU-2019:1666",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2019-5804",
    "datePublished": "2019-05-23T19:21:29",
    "dateReserved": "2019-01-09T00:00:00",
    "dateUpdated": "2024-08-04T20:09:23.107Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-07982

CVE-2019-5804 (GCVE-0-2019-5804)

Tags

Sightings

Nomenclature