CVE-2019-5800

Summary

CVE	CVE-2019-5800
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-05-23 20:29:00 UTC
Updated	2023-11-07 03:12:00 UTC
Description	Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Risk And Classification

Problem Types: CWE-20

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Google	Chrome	All	All	All	All
Application	Google	Chrome	All	All	All	All
Operating System	Opensuse	Backports	sle-15	All	All	All
Operating System	Opensuse	Leap	15.0	All	All	All
Operating System	Opensuse	Leap	15.1	All	All	All
Operating System	Opensuse	Leap	42.3	All	All	All

References

Reference	Source	Link	Tags
894228 - CSP bypass with blob URL - chromium - Monorail	MISC	crbug.com	Exploit, Issue Tracking, Vendor Advisory
[security-announce] openSUSE-SU-2019:1666-1: important: Security update		lists.opensuse.org
Chrome Releases: Stable Channel Update for Desktop		chromereleases.googleblog.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

710184 Gentoo Linux Chromium Multiple vulnerabilities (GLSA 201903-23)