{"containers": {"cna": {"affected": [{"product": "Chrome", "vendor": "Google", "versions": [{"status": "affected", "version": "prior to 73.0.3683.75"}]}], "descriptions": [{"lang": "en", "value": "Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page."}], "problemTypes": [{"descriptions": [{"description": "Incorrect security UI", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-28T17:06:08.000Z", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"}, {"tags": ["x_refsource_MISC"], "url": "https://crbug.com/921390"}, {"name": "openSUSE-SU-2019:1666", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2019-5801", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Chrome", "version": {"version_data": [{"version_value": "prior to 73.0.3683.75"}]}}]}, "vendor_name": "Google"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Incorrect security UI"}]}]}, "references": {"reference_data": [{"name": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html", "refsource": "MISC", "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"}, {"name": "https://crbug.com/921390", "refsource": "MISC", "url": "https://crbug.com/921390"}, {"name": "openSUSE-SU-2019:1666", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:09:23.051Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://crbug.com/921390"}, {"name": "openSUSE-SU-2019:1666", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2019-5801", "datePublished": "2019-05-23T19:19:27.000Z", "dateReserved": "2019-01-09T00:00:00.000Z", "dateUpdated": "2024-08-04T20:09:23.051Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA174888-9FEB-4029-8E0D-D6CFCF1A74F6", "versionEndExcluding": "73.0.3683.75", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:backports:sle-15:*:*:*:*:*:*:*", "matchCriteriaId": "1CBC4824-9D9F-427D-87A6-60B2CEBAAFEE", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page."}, {"lang": "es", "value": "La eliminaci\u00f3n incorrecta de las URL en Omnibox en Google Chrome en iOS antes de la versi\u00f3n 73.0.3683.75, permiti\u00f3 que un atacante remoto ejecutara una suplantaci\u00f3n de dominio por medio de una p\u00e1gina HTML creada."}], "id": "CVE-2019-5801", "lastModified": "2024-11-21T04:45:31.320", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-23T20:29:01.200", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://crbug.com/921390"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://crbug.com/921390"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "chromium-browser: Incorrect Omnibox display on iOS", "id": "1688203", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1688203"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "status": "draft"}, "details": ["Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page."], "name": "CVE-2019-5801", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "chromium-browser", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2019-03-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-5801\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5801\nhttps://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"], "threat_severity": "Moderate"}

{}