Bypassing Extension Permission Checks for Privileged Pages in Google Chrome (CVE-2019-5786)

Bypassing Extension Permission Checks for Privileged Pages in Google Chrome (CVE-2019-5786)

CVE-2019-5778 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension.

Learn more about our Cis Benchmark Audit For Google Chrome.