CVE-2019-13727

High

Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy…

Chrome·CWE-281·Published 2019-12-10

CVSS

8.8

EPSS

0.01

KEV

Exploits

cve.orgen

164 chars

Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

NVDen

164 chars

Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

NVDes

237 chars

Una aplicación de política insuficiente en WebSockets en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto omitir la política del mismo origen por medio de una página HTML especialmente diseñada.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H